Test TLS Negotiations

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network.

IMPORTANT NOTE: TLS 1.1 is being discontinued.

Test TLS from PAS or a Web Server

  1. At the command line, navigate to the OpenSSL directory.

  2. Enter the command openssl, then press the [Enter] key.

  3. At the OpenSSL prompt, enter the command s_client -host [cert-]xipayapi.worldpay.com -port 443, then press the [Enter] key.

  4. In the response, under the “SSL-Session:” heading, the Protocol field should show TLS 1.2 or TLS 1.3.

  5. A verify return code of 19 is correct, as Paymetric uses self-signed certificates.
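
The checks in steps 4 and 5 can be scripted. The following shell function is an added example, not part of the original page or Paymetric's tooling: it reads saved s_client output and reports the negotiated protocol and verify return code. The names check_tls_session, sample and response.txt are hypothetical, the sample output is constructed, and accepting code 0 alongside 19 is an assumption.

```sh
#!/bin/sh
# Added example (not Paymetric's code): apply steps 4 and 5 to s_client output.
# Live use: save the response from step 3 to a file (response.txt is a
# hypothetical name), then run:  check_tls_session < response.txt

# The page expects 19; accepting 0 (chain verified) too is an assumption.
EXPECTED_VERIFY=19

# Reads s_client output on stdin. Returns 0 = pass, 1 = protocol problem,
# 2 = protocol fine but the verify return code needs a human look.
check_tls_session() {
    out=$(cat)
    proto=$(printf '%s\n' "$out" | awk '/^[ \t]*Protocol[ \t]*:/ {
        sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit }')
    code=$(printf '%s\n' "$out" | awk '/Verify return code:/ {
        sub(/^.*Verify return code:[ \t]*/, ""); sub(/[^0-9].*$/, ""); print; exit }')
    case "$proto" in
        TLSv1.2|TLSv1.3) ;;
        "") echo "FAIL: no Protocol line found under SSL-Session"; return 1 ;;
        *)  echo "FAIL: negotiated $proto, need TLSv1.2 or TLSv1.3"; return 1 ;;
    esac
    case "$code" in
        0|"$EXPECTED_VERIFY") echo "PASS: $proto, verify return code $code"; return 0 ;;
        *) echo "REVIEW: $proto, unexpected verify return code '$code'"; return 2 ;;
    esac
}

# Constructed excerpt of s_client output (hypothetical helper, not a capture).
sample() {
    printf 'SSL-Session:\n    Protocol  : %s\n    Cipher    : (omitted)\n' "$1"
    printf '    Verify return code: %s\n' "$2"
}

sample TLSv1.2 '19 (self signed certificate in certificate chain)' | check_tls_session
sample TLSv1.1 '19 (self signed certificate in certificate chain)' | check_tls_session || true
sample TLSv1.3 '10 (certificate has expired)' | check_tls_session || true
```

A REVIEW result means TLS negotiated correctly but the certificate check returned something other than the expected code, which is worth investigating before treating the endpoint as healthy.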

Test TLS from a Browser

  1. Disable all SSL protocols in your browser settings. Refer to the following site for instructions: http://tweaks.com/windows/67027/how-to-protect-ie-chrome-and-firefox-from-the-poodle-ssl-v3-exploit/

  2. Test your browser access to XiIntercept or XiPay WebGUI.

  3. Successful access confirms SSL is not needed and TLS is enabled.

You may turn on SSL 3 again if necessary to access other websites, but it will not work when accessing the XiIntercept interface or XiPay WebGUI. Additionally, the industry warns against using any version of SSL. SSL 1 and 2 should not be enabled; there are far too many documented vulnerabilities associated with them.