Merchant

Gateway

  1. Overview
  2. Core Services
  3. Gateway
  4. Issue

Global Payments Integrated - Merchantware - Planned Change - Disablement of non-compliant Weak Cipher Suites

Information

A permanent change to supported cipher suites is scheduled for:

‘Cayan’ MerchantWare (Genius) platform - Tuesday, February 11th, 2025, 9:30am UTC

In accordance with evolving security best practices and regulatory compliance requirements, all Global Payments Integrated customer facing platforms will be updated with a new restrictive list of supported cipher suites. Ciphers are one component determining encryption strength for every connection between merchant POS systems and GP Integrated’s Gateway platforms. A detailed description of cipher suites can be found here.

The updated cipher list will restrict available ciphers to only the two denoted below:

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)

These two cipher suites are widely supported by all major browsers, operating systems and applications. Monitoring of all platforms traffic confirms nearly 100% of our customers support these ciphers and should not experience any issues after the change.

It is recommended you verify cipher support using a tool such as https://browserleaks.com/tls

*The test must be performed from the system(s) connecting to GP Integrated’s platforms to perform transactions and/or access our hosted payment and merchant portal applications. If you are using a cloud based POS Solution this test will not verify the ability to communicate with our systems, you should ensure that your POS provider is aware of this and can perform their own validation process.

Relevant information is listed in the Supported Cipher Suites (in order as received). Your results should be compared to the updated cipher list above to ensure at least one of the listed ciphers matches (ordering is not critical)

*The hex reference for each cipher (e.g. 0xc030) is provided and is the most accurate way to compare cipher references, as naming formats can vary.

If there are no matching results you will need to contact your appropriate IT support team to assist in remedial action. The most common reasons are:

  1. An outdated or no longer supported operating system such as Windows 7. Ensure your systems are running an OS that is still actively receiving security updates, and supports current best practice encryption technologies.
  2. A client side cipher restriction that does not include the two ciphers listed above.
  3. Use of unsupported Web Service Libraries such as .NET 4.03 within the POS Application.