SOURCE: Plug & Pay Technologies Inc.
Modification To Permitted Ciphers
Hauppauge, NY - September 7, 2022

REDUCING RISK
Migration from SSL and Early TLS Deadline

Effective September 30th 2022

⚠️ IMPORTANT NOTICE

This matter pertains to ALL users (i.e. merchants, resellers, partners, application developers, shopping carts, etc...) connecting to our payment gateway domain and related systems.

Immediate testing is required to ensure continued access/integration to our payment gateway services.

    • For Windows desktop users, please use Microsoft's ability for Windows 7/8/8.1 users to upgrade to Window 10 at no charge.
        Windows 8.1 can be used if properly patched.
        For specialized patching for Windows Server 2012 R2 & Windows 8.1, see this Security Advisory & Windows Update KB 291355. You may also go here for related info.

    • For Windows server users, you may have to upgrade to a newer version of Windows to ensure compliance and compatibility.
        Windows server 2012 R2 can be used if properly patched.
        For specialized patching for Windows Server 2012 R2 & Windows 8.1, see this Security Advisory & Windows Update KB 291355. You may also go here for related info.

    • Windows versions known to be affected by this change are:
        Windows Server 2012 & all earlier server editions
        Windows CE, XP Embedded and related editions

All other operating systems and applications, please ensure the operating system and any related app/interfaces meet the below requirements.

You must ensure that whatever app/interface adjustments required be completed no later than Sept 30th 2022.

The Payment Card Industry Security Standards Council (PCI SSC) mandate transition from all versions of SSL, TLS 1.0 and TLS 1.1 communication protocols to a more secure version of TLS (currently TLS v1.2).

Plug and Pay has established a compliance deadline for all transaction traffic to update to use strong TLS 1.2 ciphers by September 30th 2022.

Merchants not running modern software or have not upgraded by this date may experience service outages and will not be able to process transactions until an upgrade to strong TLS 1.2 ciphers is performed.

If any errors are returned indicating there was no connection, or no response is returned, this would indicate a connection problem.

Please contact support@plugnpay.com, so we may work with you &/or your staff on the matter.

Addition Information:

To maintain our systems security, only these TLS 1.2 ciphers will be permitted on Sept 30th, 2022

* May require specialized patching to manually activate/apply in Windows Server 2012 R2 and Windows 8.1

• To see which versions of TLS your build of Windows can support, please click here for related information.

Potentially some Unix/Linux servers running older versions of OpenSSL &/or other related encryption suites could also be affected, if said encryption suite is not kept current.

Customer Access To Billing Pages:

Customers who can't reach our gateway hosted billing pages may need to upgrade to a more current operating system.
Minimum operating system requirements would be Windows 10+, MacOS 10.8+, iOS 5.0+ or Android 5.0+.
Anything older would likely not be able to connect to us, as it's lacking the ability to utilize strong enough encryption methods to connect to the HTTPS URL.

Vermont System Clients:

Vermont Systems clients must on/after Sept 30th, must have the domain name within the URL you're calling as 'pay1.plugnpay.com'.

RecTrac 10.3

RecTrac 3.1

If you are sure connections are failing, the options are: