Authorize.NET, Cybersource, PCI and TLS 1.2


In order to comply with new Payment Card Industry (PCI) requirements, payment gateways such as Authorize.NET and Cybersource are dropping support for older versions of HTTPS security protocols (TLS 1.0 and TLS 1.1) and requiring TLS 1.2. This change has already occurred in the Authorize.NET sandbox environment.

To ensure your Active Commerce installation utilizes TLS 1.2, you may need to enable it as a security protocol with .NET. This can be done in a Sitecore initialize pipeline processor. An example is attached to this article.

Note that this example keeps TLS 1.0 and TLS 1.1 enabled in case other integrated web services still require it. The necessary and recommended security protocols will be specific to your implementation, thus you should adjust this as needed and test your implementation thoroughly before deploying to production.


Related Errors

If you do not apply the necessary update, you may encounter errors during order processing such as:

Error invoking payment provider --->
System.Net.WebException: The underlying connection was closed:
An unexpected error occurred on a send. --->
System.IO.IOException: Unable to read data from the transport connection:
An existing connection was forcibly closed by the remote host. --->
An existing connection was forcibly closed by the remote host


More Information

PCI - Migrating from SSL and Early TLS

Cybersource Security Updates - Spring/Summer 2017

Authorize.NET - Important TLS Disablement Notice


Example Code

Have more questions? Submit a request