Due to PCI-DSS compliance, from March 1st 2018, the UOL BoaCompra postback endpoint will start to accept only TLS 1.2 connections. This means you will have to make a few adjustments in your integration. Two options are provided:
Checking TLS protocol version
To test if your environment is prepared to TLS 1.2 protocol, send a request from your server to https://www.howsmyssl.com/a/check and check which is TLS protocol version (by tls_version in response), if is TLS 1.2, your environment is ready to send connections with TLS 1.2 protocol and no action is required.
<?php $curl = curl_init('https://www.howsmyssl.com/a/check'); curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); $response = curl_exec($curl); curl_close($curl); $json = json_decode($response); echo $json->tls_version;
To send postback using TLS 1.0/1.1 protocol, you can uses alternative endpoint.
|Alternative URL to postback|
|Change postback URL as follows|
|Old url||New Url|
Sending with TLS 1.2 protocol
Java 5 or earlier: Does not support TLS 1.2. Please update it or use the alternative endpoint
Java 6-7: Set to use TLS1.2 by SSLContext.
Java 8 or later: TLS 1.2 is default.
Set TLS1.2 by SSLContext
SSLContext sc = SSLContext.getInstance("TLSv1.2"); sc.init(null, null, new java.security.SecureRandom()); HttpsURLConnection con = (HttpsURLConnection) httpsURL.openConnection(); con.setSSLSocketFactory(sc.getSocketFactory());
.NET Framework 4.0 or earlier: Does not support TLS 1.2. Please update it or use the alternative endpoint
.NET Framework 4.5: Set to use TLS1.2 by SecurityProtocol
.NET Framework 4.6 or later: TLS 1.2 is default.
Set security protocol before the connection
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
PHP, Ruby, Node and Python
It’s necessary to update openssl to 1.0.1c or later in your operating system
Force TLS 1.2 protocol in PHP (requires CURL 7.34.0 or later)
<?php curl_setopt ($curl, CURLOPT_SSLVERSION, 6);