0
votes

A few days back, I got a notice from Authorize.net to disable TLS 1.0 and TLS 1.1.

I am using Node.js. Here is my code in app.js to disable TLS 1.0 and TLS 1.1:

var sslOptions = {
  key: fs.readFileSync('/etc/ssl/private/private.key'),
  cert: fs.readFileSync('/etc/ssl/certs/STAR_crt.com.crt'),
  secureProtocol: 'SSLv23_server_method',
  secureOptions: constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_TLSv1,
  ca: [
    fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_1.crt'),
    fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_2.crt'),
    fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_3.crt')
  ],
  ciphers: [
    "ECDHE-RSA-AES256-SHA384",
    "DHE-RSA-AES256-SHA384",
    "ECDHE-RSA-AES256-SHA256",
    "DHE-RSA-AES256-SHA256",
    "ECDHE-RSA-AES128-SHA256",
    "DHE-RSA-AES128-SHA256",
    "HIGH",
    "!aNULL",
    "!eNULL",
    "!EXPORT",
    "!DES",
    "!RC4",
    "!MD5",
    "!PSK",
    "!SRP",
    "!CAMELLIA",
    "!3DES"
  ].join(':'),
  //ca: fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot.crt'),
  requestCert: false,
  rejectUnauthorized: false
};

But it seems I am missing something. I did an SSL Labs test after 30 hours and I got the following results:

[Image: SSL Labs test results]

Any idea what I need to do?

Thanks

2
What does what you get on SSL Labs have to do with YOUR code? This is their server telling you what capabilities another server has. Nothing in your code is going to change that. - Simon_Weaver

2 Answers

1
votes

Try changing SSLv23_server_method to TLSv1_2_server_method:

var sslOptions = {
  key: fs.readFileSync('/etc/ssl/private/private.key'),
  cert: fs.readFileSync('/etc/ssl/certs/STAR_crt.com.crt'),
  secureProtocol: 'TLSv1_2_server_method',
  secureOptions: constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_TLSv1,
  ca: [
    fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_1.crt'),
    fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_2.crt'),
    fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot_3.crt')
  ],
  ciphers: [
    "ECDHE-RSA-AES256-SHA384",
    "DHE-RSA-AES256-SHA384",
    "ECDHE-RSA-AES256-SHA256",
    "DHE-RSA-AES256-SHA256",
    "ECDHE-RSA-AES128-SHA256",
    "DHE-RSA-AES128-SHA256",
    "HIGH",
    "!aNULL",
    "!eNULL",
    "!EXPORT",
    "!DES",
    "!RC4",
    "!MD5",
    "!PSK",
    "!SRP",
    "!CAMELLIA",
    "!3DES"
  ].join(':'),
  //ca: fs.readFileSync('/etc/ssl/certs/AddTrustExternalCARoot.crt'),
  requestCert: false,
  rejectUnauthorized: false
};
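
An added example (not code from the question or either answer): a small Node.js audit that lists which protocol versions an options object leaves enabled, applied to the two configurations above. It models only the `secureProtocol` method name and the `SSL_OP_NO_*` bits for SSLv3 through TLS 1.2; the function names and the `CORRECTED_OPTS` object are assumptions, and what a real server negotiates also depends on the Node.js and OpenSSL build.

```javascript
// Added example: audit which protocol versions a Node.js TLS options object leaves enabled.
const { constants } = require('crypto');

// Versions in ascending order, each paired with the SSL_OP_NO_* bit that disables it.
const VERSIONS = [
  { name: 'SSLv3',   off: constants.SSL_OP_NO_SSLv3 },
  { name: 'TLSv1',   off: constants.SSL_OP_NO_TLSv1 },
  { name: 'TLSv1.1', off: constants.SSL_OP_NO_TLSv1_1 },
  { name: 'TLSv1.2', off: constants.SSL_OP_NO_TLSv1_2 },
];

// Version-specific methods pin one version; SSLv23_method / TLS_method are version-flexible.
const PINNED = {
  SSLv3_method: 'SSLv3', TLSv1_method: 'TLSv1',
  TLSv1_1_method: 'TLSv1.1', TLSv1_2_method: 'TLSv1.2',
};
const FLEXIBLE = ['SSLv23_method', 'TLS_method'];

// Hypothetical helper: returns the versions that survive the method choice and the bitmask.
function enabledProtocols(opts) {
  const method = (opts.secureProtocol || 'TLS_method')
    .replace(/_(server|client)_method$/, '_method');
  const pinned = PINNED[method];
  if (!pinned && !FLEXIBLE.includes(method)) {
    throw new Error('unrecognised secureProtocol: ' + opts.secureProtocol);
  }
  const mask = opts.secureOptions || 0;
  return VERSIONS
    .filter((v) => !pinned || v.name === pinned) // method restriction
    .filter((v) => (mask & v.off) === 0)         // SSL_OP_NO_* restriction
    .map((v) => v.name);
}

// Protocol-related fields copied from the question and the first answer.
const MASK = constants.SSL_OP_NO_SSLv3 | constants.SSL_OP_NO_TLSv1;
const QUESTION_OPTS = { secureProtocol: 'SSLv23_server_method', secureOptions: MASK };
const ANSWER_OPTS = { secureProtocol: 'TLSv1_2_server_method', secureOptions: MASK };
// Constructed alternative: keep the flexible method and also mask out TLS 1.1.
const CORRECTED_OPTS = {
  secureProtocol: 'SSLv23_server_method',
  secureOptions: MASK | constants.SSL_OP_NO_TLSv1_1,
};

for (const [label, opts] of Object.entries({ QUESTION_OPTS, ANSWER_OPTS, CORRECTED_OPTS })) {
  console.log(label, '->', enabledProtocols(opts).join(', '));
}
```

The question's mask omits `SSL_OP_NO_TLSv1_1`, so under this model TLS 1.1 stays enabled; pinning the method or adding the missing bit both leave only TLS 1.2.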
-1
votes

The announcement was that Authorize.Net will stop supporting TLS 1.1 and 1.0 in February 2018; you need to ensure your system can make a TLS 1.2 connection by then. You can test this by connecting to the sandbox, which only supports TLS 1.2.