Menu

TLS/SSL frequently asked questions

At HAQM, we always believe in giving you many secure choices to communicate with us. We are now offering a default Transport Layer Security (TLS) 1.2 or higher version connection.

What are the Secure Sockets Layer (SSL) and Transport Security Layer (TLS) protocols?

SSL and TLS are widely used protocols designed to transport data securely between a client and a server. The use of SSL during the 1990s enabled the beginning of secure commerce on the Internet. Its successor protocol, TLS, continues to be used by web browsers and servers to protect the privacy of Web communications. When a URL address contains HTTPS, the 'S' stands for secure, and indicates that data is being transmitted securely using one of these protocols.

Where is TLS used by HAQM Pay?

TLS is used by HAQM Pay to secure the following information in transit:

  • Buyers’ Personally Identifiable Information (PII)
  • Cardholder data
  • Communications from merchants’ servers to HAQM Payments’ API endpoints
  • Instant Payment Notifications (IPN) sent to merchants’ endpoints

If you are using HAQM Pay and would like to know more about how this service makes use of SSL/TLS, please see this section of our documentation.

What SSL/TLS versions does HAQM Pay support?

Currently supported TLS versions are 1.2 or higher, and older versions of TLS are not supported for entering payment card details. HAQM Pay removed support for SSL in 2015.

How can I test whether my HAQM Pay integration supports TLS 1.2?

There are two communications channels to consider when determining whether your HAQM Pay integration supports TLS 1.2:

  1. The API requests from your server(s) to the HAQM Pay endpoints.
    The following are technologies commonly used for HAQM Pay integrations that are known to support TLS 1.2:
    • .NET — .NET 4.6 uses TLS 1.2 automatically. .NET 4.5 can be configured to use TLS 1.2. .NET 3 and below does not support TLS 1.2.
    • Java — Java 6 does not support TLS 1.2 natively, but support for TLS 1.2 in Java 6 is provided by third parties. Java 7 supports TLS 1.2, but does not enable its use by default for clients. TLS 1.2 is enabled by default beginning in Java 8.
    • OpenSSL (PHP, Ruby, Python) — Most dynamic languages such as Ruby, PHP, and Python rely on the underlying operating system's OpenSSL version. You can check it by running the command ‘openssl version’. 1.0.1 is the minimum required.
  2. The payment notifications sent from HAQM Pay’s server(s) to your endpoint.
    To confirm that your server accepts payment notifications using TLS 1.2, online tools such as Qualys SSL Labs provide an easy method to determine TLS protocol compatibility and best practices for your site.

Please contact us if you have any questions or need more information.