Kartris User Guide

18.2. Outgoing TLS connections

Separately from the security applied to the pages of your web site, Kartris must at times make secure outgoing calls to other URLs. For example, Kartris connects to the changelog feed, shows the latest Kartris version available, the news and so on. Most importantly, some payment systems require Kartris to connect to them using TLS, and real-time shipping systems like UPS and USPS also use secure connections.

In 2018, many different payment systems will be dropping support for older protocols, and will only support TLS 1.2 or above. In order for your web site to continue to be able to connect to remote systems using secure connections, you must ensure that your web site is ready.

18.2.1. Server support

The first step is to ensure your server supports TLS 1.2 for outgoing as well as incoming connections. If you are on a shared server, you should check with your web host. If you have your own server, you will need to check and may have to make registry changes yourself. We found that Windows Server 2008 R2, for example, even with all up-to-date patches installed, does not have TLS 1.2 support by default and requires registry changes.

Check the following article for further details:

Enabling TLS 1.2 on Windows Server 2008 R2

18.2.2. Run site as ASP.NET 4.6 or above

From ASP.NET 4.6 onwards, TLS 1.2 is the default. This means that if your server has been kept up to date with patches and .NET updates as they became available, and (if required) has the necessary registry changes (see 18.2.1. Server support above), then it should make outgoing secure connections using TLS 1.2 by default. The easiest way to test this is to simply try switching the web site to ASP.NET 4.6 and then test that it works. To do this, open the web.config file (in the root of the web) and find this code:

<compilation debug="false" batch="false" targetFramework="4.5">

and simply change the target framework to 4.6:

<compilation debug="false" batch="false" targetFramework="4.6">

Then reload the web site. It will take a few seconds as changes to the web.config will cause the web site code to rebuild. But you should see the web site load up and it should work exactly like it did before the change. If some page error appears, and you're sure the change you made above was done correctly, restore the original web.config file, as it seems your server does not have .NET 4.6.

You can try installing .NET 4.6 on the server (or check with your host if on a shared server), and then try the process above again. This avoids any code changes in Kartris.
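The server checks described in 18.2.1 and in this section can be done read-only from PowerShell before touching web.config. The script below is an added example, not part of Kartris or of the original guide; it assumes Windows PowerShell 3.0 or later running on .NET 4.5 or above, and `gateway.example.com` is a placeholder for your payment or shipping gateway's host name.

```powershell
# Added example: read-only checks for outgoing TLS 1.2 readiness on a Windows server.
# Assumption: gateway.example.com is a placeholder; pass your gateway's host name.
param([string]$TestHost = 'gateway.example.com', [int]$Port = 443)

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns '(not set)' when the key or value is absent, so the OS default applies.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { '(not set)' } else { $item.$Name }
}

# 1. SCHANNEL switches for TLS 1.2: Client = outgoing, Server = incoming.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2'
foreach ($role in 'Client', 'Server') {
    'TLS 1.2 {0}: Enabled={1} DisabledByDefault={2}' -f $role,
        (Get-RegValue "$base\$role" 'Enabled'),
        (Get-RegValue "$base\$role" 'DisabledByDefault')
}

# 2. Installed .NET Framework 4.x build; 393295 is the lowest Release value for 4.6.
$release = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full' 'Release'
$has46 = ($release -is [int]) -and ($release -ge 393295)
'.NET 4.x Release={0}; 4.6 or later installed: {1}' -f $release, $has46

# 3. Outgoing handshake that offers TLS 1.2 only, so success shows the OS supports it.
$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($TestHost, $Port)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
    # Arguments: target host, no client certificates, protocol, check revocation.
    $ssl.AuthenticateAsClient($TestHost, $null,
        [System.Security.Authentication.SslProtocols]::Tls12, $true)
    "Handshake with ${TestHost}:$Port succeeded, protocol: $($ssl.SslProtocol)"
} catch {
    "TLS 1.2 handshake with ${TestHost}:$Port failed: $($_.Exception.Message)"
} finally {
    $tcp.Close()
}
```

The handshake in step 3 runs under PowerShell's own .NET runtime, so it confirms what the server can do rather than what the web site's application pool will negotiate; the targetFramework change above still needs testing on the site itself.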

18.2.3. ASP.NET 4.5 solution

If you are on a server where you cannot install the newer .NET versions, then you may be restricted to ASP.NET 4.5. This does support TLS 1.2, but it is not used by default. You can force this by adding this code within the Application_Start event in the Global.asax file in the root of the web:

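Try
    ' Force outgoing connections to use TLS 1.2, which ASP.NET 4.5 does not use by default
    System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12
Catch
    ' Any error raised while setting the protocol is ignored
End Try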

18.2.4. Older ASP.NET versions

If you are running older versions of Kartris that are still on the ASP.NET 2.x branch (up to 3.5), then it seems Microsoft is rolling out support to these. However, we're no longer providing all payment plugins compiled for this branch, and are not supporting these older sites with updates, so we'd strongly recommend upgrading to the latest version of Kartris.

TLS 1.2 support, including for older ASP.NET versions

 