eProcessing Network Changes

**ShannonWatts** · 4 Jun 2015, 12:22 AM

We use eProcessing Network (ePN) as our credit card processor. Recently ePN has posted the following announcement:

"Due to PCI requirements, ePN will discontinue communications using TLS v1.0 and TLS v1.1 effective June 30, 2015. After this date, we will only support communications using TLS v1.2.
If you have previously used the ePN TDBE - (Transparent Database Engine Integration) or the AuthNet™ Emulator to integrate with the ePN processing platform, you will be required to make a small, yet significant change to the API call within your shopping cart or website to support Transport Layer Security (TLS) v1.2."

Will our cart will stop working when ePN makes the change on their side? We're using the Authorizenet_aim module. I hope I'm wrong and everything will continue to function as it has been. ePN support is a joke. I'm hoping to have more luck here.

Unfortunately moving to another processor is not an option since our customer likes them. Thanks in advance for your advice or suggestions.

**RodG** · 4 Jun 2015, 12:37 AM

Originally Posted by ShannonWatts

We use eProcessing Network (ePN) as our credit card processor. Recently ePN has posted the following announcement:

"Due to PCI requirements, ePN will discontinue communications using TLS v1.0 and TLS v1.1 effective June 30, 2015. After this date, we will only support communications using TLS v1.2.

Wow, are they a little late coming to the party. (This relates to the poodle vulnerabilty that was discovered late last year)
https://www.zen-cart.com/showthread....yment-security

Originally Posted by ShannonWatts

Will our cart will stop working when ePN makes the change on their side? We're using the Authorizenet_aim module.

If you are using the current zencart V1.5.4 you'll have no problems.

If you are using an older version you'll probably need to apply the fixes as discussed in the thread provided by the link I've just provided.

Cheers
RodG

**ShannonWatts** · 8 Jun 2015, 04:51 PM

Thanks for the quick response RodG! I should probably upgrade to the latest version anyway. I'll give it a try.

**barco57** · 8 Jun 2015, 06:26 PM

@RodG Poodle was a SSLv3 issue. Dropping of tls 1.0/1,1 is related to change in PCI DSS 3.0/3.1 implemented this spring.

**DrByte** · 11 Jun 2015, 02:29 AM

Originally Posted by ShannonWatts

you will be required to make a small, yet significant change to the API call within your shopping cart or website to support Transport Layer Security (TLS) v1.2."

Contact them back and ask WHAT specific "tiny but significant change" needs to be made in the code. The technical specifics are key.

I imagine making the same changes as posted a couple answers above regarding POODLE changes will suffice (ie: commenting out the CURL_SSLVERSION line, if there is one). But that's just a guess in the absence of specifics that eProcessing is saying they want to see.