TLS Upgrade Guide
Why upgrade?
Starting from Feb 1, 2023, Checus will no longer support SSL, TLS 1.0, or TLS 1.1. To protect sensitive data and comply with PCI standards, all merchants and service providers must use TLS 1.2 or above. Older protocols have known vulnerabilities that attackers can exploit.
Am I affected?
You may be affected if you still use legacy OS, browsers, or libraries. For a list of browsers and components supporting TLS 1.2, see the Browser and Component list.
API library support
Before upgrading, ensure the following components meet TLS 1.2 requirements:
- Java: 6u45 / 7u45 require upgrades; 8+ supports TLS 1.2
- .NET: pre-4.5 does not support TLS 1.2; 4.5 requires manual enablement
- OpenSSL: minimum version 1.0.1
- Dynamic languages (Ruby, PHP, Python) rely on system OpenSSL; check via
openssl version
We cannot fix your code directly, but we can advise on compatibility.
Browser support
Most modern browsers support TLS 1.2. The following versions require upgrades:
- Chrome ≤ 29
- Firefox ≤ 26
- IE ≤ 10
- Safari ≤ 8
- iOS ≤ 4
- Android ≤ 4
Client support matrix
| System/Browser/Env | Support |
|---|---|
| Android 8/9 | |
| Chrome 70/80 | |
| Firefox 62/73 | |
| IE 8 / XP | |
| IE 11 / Win7/10 | |
| Edge 15/16/18 | |
| Java 8u161 / 11 | |
| OpenSSL 1.0.2s+ | |
| Safari 10/iOS10 |
Supported cipher suites
- ECDHE family: AES128/256-GCM, AES128/256-SHA256, CHACHA20-POLY1305
- AES family: AES128-GCM-SHA256, AES256-GCM-SHA384
- TLS 1.3: TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, etc.