SSL Cipher update required by PayPal, and Authorize.Net, as well as industry best-practices.
Posted by Tegan King on 16 June 2017 11:13 AM
In order to keep up-to-date with today’s security standards, EPhost will be implementing some changes to ensure the shared hosting and managed dedicated servers are secure. These changes were required by PayPal, and Authorize.Net, as well as industry best-practices. All customers making outbound calls to secure APIs, for payment transactions or other uses, could be affected.
All EPhost shared hosting and managed dedicated servers will have SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 disabled & TLS 1.2 enabled as of June 16th 2017. This affects both inbound and outbound SSL connections. Please ensure your application is compatible with these server changes for TLS 1.2 to connect to your API or payment gateway.
Please Note: In order to ensure secure transactions in the future, all API and payment processors will require TLS 1.2 as of June 2017.
All managed server clients will be contacted individually to find out if they would like us to update their server(s). Or please feel free to contact us.
The following changes will be implemented on all EPhost Infrastructure and Shared Web Servers.
Windows and Linux
1) Disable SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1
Programming languages will have the following changes made.
1)Coldfusion - Update JDK 8 or higher
2)PHP cURL - http://docs.php.net/manual/en/migration56.openssl.php#migration56.openssl.crypto-method (You will need your developer to assist in updating your website code if you use cURL)
3)ASP.NET - Upgrade to Framework 4.6 (This will require ASP.NET 4.0 extension in control panel, ASP.NET 2.0 will not work)
All these changes will be made on June 16th @ 3PM PST
If you have any questions or concerns or would like a sandbox account to test, please email us at email@example.com