TLS MANDATE
Important Notification Regarding TLS 1.2 Protocol Mandate
Who Is Impacted?
All CCAvenue customers and merchants accessing any CCAvenue solution must upgrade /configure systems for use of TLS 1.2.
This is a security requirement regardless if the data being accessed is PCI related or not. As this is an industry-wide initiative, your IT
organizations should already be determining what actions are required to comply, including applications and systems beyond those connecting to CCAvenue.
Upgrade Requirements
There are two primary methods for communicating with CCAvenue PG:
- Connecting to CCAvenue via a Web Browser while processing Transactions.
|
- Connecting to CCAvenue via API Calls.
|
How to Test?
You may use our integration and API kits and hit the below mentioned UAT URLs enabled for TLS 1.2.
Application |
Module |
UAT URLs |
New CCAvenue PG |
API |
https://logintest.ccavenue.com/apis/servlet/DoWebTrans |
|
Transactions |
https://test.ccavenue.com/ |
For those using the Old CCAvenue PG |
API |
Order Status Tracker
https://cctest.ccavenue.com/servlet/new_txn.OrderStatusTracker
Refund API Link
https:// cctest.ccavenue.com/servlet/ccav.Refund_NetBnk
|
|
Transactions |
Redirect Billing Page Integration
https://cctest.ccavenue.com/shopzone/cc_details.jsp
Seamless Credit card
https://cctest.ccavenue.com /servlet/new_txn.MotoTrans
Seamless Netbanking
https://cctest.ccavenue.com/servlet/new_txn.PaymentIntegration
|
Steps to Migrate to TLS 1.2
Listing sample changes for JAVA applications:
- If you are using jdk 1.8 and above, there would be no changes required as it uses TLS 1.2 by default.
- If you are using jdk 1.7, you need to make changes in your code to use TLS 1.2 protocol. For your reference, here is a sample java code.
Example:
System.setProperty("https.protocols", "TLSv1.2");
System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
- If you are using jdk 1.6 and below, you have to mandatorily upgrade to latest jdk version, as jdk 1.6 does not support TLS 1.2 Protocol.
URLs for your reference:
CCAvenue applications accessed via Web Browser:
Customers must ensure they are using compatible browsers with appropriate configurations. In case of any TLS related errors, please upgrade the browser to the latest version.
We would be happy to help you ensure compatibility in any way we can. Please feel free to get in touch with us at
service@ccavenue.com in case of any concerns. In case you wish to speak to us, you may call 022-67425555 EXT: 401-409