NSoftware Payment Gateway v4 + EPi Commerce 8.15.0

Vote:
 

Hi,

We're currently running EPiServer Commerce (EPiServer.Commerce.Core.8.15.0) using the version v4.1.3575.0 of the NSoftware Payment Integrator component (nsoftware.IBizPay.dll). I recently had to deal with UPS changing their web services to no longer support TLS 1.0. The NSoftware shipping component we used (v5.x) used TLS 1.0 by default. NSoftware was able to give us a line of code to use to force TLS 1.2 so this issue was resolved.

This made me think about our NSoftware payment component in EPiServer. Given that a v5.x dll didn't default to TLS 1.2, my guess was that v4.1 of the payment component wouldn't either. I verified using Wireshark that the credit card authorization calls to Chase Orbital on our site use TLS 1.0. Unlike our UPS issue where our code calls NSoftware directly, the NSoftware payment component is called by the Mediachase commerce code. In other words, I don't have access to the calls to the NSoftware method in order to specify any custom parameters as with the UPS issue.

Questions:

1) Is there a way to use a newer version of the NSoftare Payment dll with EPiServer.Commerce.Core.8.15.0?

2) Do newer versions of EPiServer Commerce support the latest version of the NSoftware Payment dll (nsoftware.IBizPay.dll)? If so, what version?

3) If newer versions of EPiServer support a newer version of NSoftware, can you verify TLS 1.2 is used by default

I have not yet heard from Chase Paymenttech when they will no longer support TLS 1.0 but I did read that TLS 1.0 will no longer be accepted for PCI compliance as of June 30, 2016 (http://blog.varonis.com/ssl-and-tls-1-0-no-longer-acceptable-for-pci-compliance/) so I would like to make sure our EPiServer Commerce site is updated for when this inevitably happens.

Thanks,

Rex

#143388
Jan 21, 2016 19:36
Vote:
 

Thanks for the feedback, we will log a bug (COM-871) to support the minimum version of NSoftware that supports  TLS 1.2 in an upcoming version.  For your current version you could try a nuget force update version and update assembly bindings.  I am not sure if there are breaking channges that affect the providers so an upgrade to a released version that fixes the issue might be the only option

#143390
Edited, Jan 21, 2016 20:31
Vote:
 
<p>Hi Mark,</p> <p>Thanks for the response. To clarify, the nsoftware.IBizPay dll is included in the EPiServer.Commerce.Core nuget package so I can't nuget force an upgrade. I tried downloading the latest 9.6 version of that package and it still includes the old V4.1.3575 nsoftware.IBizPay.dll.</p> <p>The latest version of nsoftware is 6.0.5849.0 The dll is actually a new filename now nsoftware.InPay.dll ("InPay" not "IBizPay") so It's highly possible there are breaking changes requiring EPiServer to be updated.</p> <p>It sounds like I need to wait for a new version of EPiServer commerce that supports a version of NSoftware that defaults to TLS 1.2 as you mentioned.</p> <p>Thanks,</p> <p>Rex</p>
#143393
Jan 21, 2016 21:58
Vote:
 

Hi Mark,

I reached out to NSoftware. They said that just dropping in the version 6 dll over the version 4 dll will not work (as expected). However, they said not much as changed between 4 and 6 so updating EPiServer to support v6 should hopefully not take too much effort. 

Thanks,

Rex

#143395
Jan 22, 2016 0:09
Vote:
 

Hi,

I reached out to Chase Paymenttech and they said that the Orbital gateway will no longer accept SSL and outdated TLS requests starting June 2016.

Thanks,

Rex

#143436
Jan 23, 2016 4:22
Vote:
 

Due to licensing issues we have open sourced the nsoftware payment gateways and upgraded them to the latest version.  To use the alatest version you will need to aquire a license from nsoftware

https://github.com/episerver/CommercePaymentGateways

#147979
Apr 29, 2016 9:13
* You are NOT allowed to include any hyperlinks in the post because your account hasn't associated to your company. User profile should be updated.