SSL Best Practices

BEST PRACTICES

The following information is provided to help you test whether you use SSL version 3, and to help you disable it.
To encourage security best practices, Authorize.Net strongly recommends using the highest version of TLS your configuration will support. For most configurations this should be TLS 1.2.

We also recommend including support for TLS 1.1, in case there are issues with your current TLS 1.2 configuration.

We will also allow TLS 1.0 connections, but as a best practice we recommend using TLS 1.0 only as an option of last resort. We may discontinue support for TLS 1.0 at a future date.

Connections that require SSL v3 will be refused. However, your server may continue to support SSL v3 as long as it uses TLS as its preferred protocol. We recommend disabling SSL v3 as a security best practice, regardless.

TESTING

To test your externally facing server configuration for TLS support, visit https://www.ssllabs.com/ssltest/index.html.

You can compare the results to the Authorize.Net SSL configurations to maximize compatibility with the protocols and ciphers we support: 

For internal servers, a vulnerability scanner or vulnerability management suite may be needed. Here are a few possible options. (Note: these are not recommendations. DigitalJetstream does not endorse the use of a particular product, nor do we claim a product is suitable for all uses.)

https://www.trustwave.com/Services/SpiderLabs-Services/Vulnerability-Management/ (commercial)

https://www.qualys.com/enterprises/qualysguard/vulnerability-management/ (commercial)

http://www.tenable.com/products (commercial)

http://www.bolet.org/TestSSLServer/ (open source)

http://code.google.com/p/sslaudit/ (open source)
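For a quick first check of an internal server before running a full scanner, the following added example (not Authorize.Net or DigitalJetstream code) attempts one handshake per protocol version and compares the result with the guidance above. The function names `probe` and `assess` are assumptions made for this sketch; many current OpenSSL builds cannot speak SSL v3 at all, in which case that result is reported as untestable rather than as disabled.

```python
import socket
import ssl
import warnings

VERSIONS = [ssl.TLSVersion.SSLv3, ssl.TLSVersion.TLSv1,
            ssl.TLSVersion.TLSv1_1, ssl.TLSVersion.TLSv1_2]

def probe(host, port=443, timeout=5):
    """Return {protocol: True accepted / False not accepted / None untestable here}."""
    results = {}
    for ver in VERSIONS:
        if not getattr(ssl, "HAS_" + ver.name):
            results[ver.name] = None  # local OpenSSL built without this protocol
            continue
        try:
            with warnings.catch_warnings():
                warnings.simplefilter("ignore", DeprecationWarning)
                ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
                ctx.check_hostname = False       # certificate is not evaluated here:
                ctx.verify_mode = ssl.CERT_NONE  # only the protocol handshake is measured
                ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # allow offering TLS 1.0/1.1
                ctx.minimum_version = ver        # pin the handshake to exactly
                ctx.maximum_version = ver        # one protocol version
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host):
                    results[ver.name] = True
        except ValueError:  # version rejected by the local TLS library
            results[ver.name] = None
        except OSError:  # ssl.SSLError, refused or timed-out connection
            results[ver.name] = False
    return results

def assess(results):
    """Compare probe() output with the protocol guidance on this page."""
    findings = []
    if results.get("SSLv3"):
        findings.append("SSL v3 is enabled: disable it")
    elif results.get("SSLv3") is None:
        findings.append("SSL v3 untestable from this host: use a scanner")
    if not results.get("TLSv1_2"):
        findings.append("TLS 1.2 not negotiated: enable it if supported")
    tls = [v for v in ("TLSv1", "TLSv1_1", "TLSv1_2") if results.get(v)]
    if tls == ["TLSv1"]:
        findings.append("only TLS 1.0 accepted: last-resort protocol")
    if not tls:
        findings.append("no TLS version accepted: SSL v3-only connections are refused")
    return findings
```

Call `assess(probe("your-internal-host", 443))` from a machine that can reach the server. A `False` result also covers an unreachable host, so confirm connectivity before reading it as "protocol disabled".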

 
