Posted by Aaron on April 06, 2017

TLS 1.2 support for pre-BVC 2017

Background

PCI Compliance requires that your website support TLS 1.2 for secure (https) connections. Only BV Commerce 2017 and above support TLS 1.2. You are also required to disable support for older versions like TLS 1.0. Unfortunately, there are still users who can only support older versions of TLS so disabling it will prevent those users from viewing secure pages...like your checkout pages. Read our post from August to learn how you can maintain PCI Compliance while still supporting older versions of TLS through June 2018.

BVC 5 and 2004

Unfortunately BV Commerce 5.X and 2004 cannot support TLS 1.2. This isn't a limitation of BV Commerce but rather the older versions of the Microsoft .NET Framework on which it is built. To support TLS 1.2 you must upgrade to BV Commerce 2017 or above.

BVC 2013-2015 SP2

BV Commerce 2013-2015 SP2 do not support TLS 1.2 and, as with BVC 5 and 2004, this limitation is imposed by the .NET Framework. To support TLS 1.2 you must upgrade to BV Commerce 2017 or above. However, since these versions of BV Commerce were built with a newer version of the .NET Framework, there is an unsupported workaround outlined below. Note that this workaround requires that you have direct server access (i.e. dedicated server) or that your hosting provider is willing to make these configuration changes to a shared server. Since these changes will affect all customers on the server, your hosting provider may understandably be unwilling to do this.

Unsupported Workaround for BVC 2013-2015 SP2

Below are the two steps necessary to implement the unsupported workaround to add TLS 1.2 support to BVC 2013-2015 SP2. This workaround will only work for these versions of BV Commerce.

Step 1: Install .NET Framework 4.5, 4.5.1, or 4.5.2

First you must install the .NET Framework 4.5, 4.5.1, or 4.5.2 on the server. This requires Windows Server 2008 SP2 or above. Of these three versions, 4.5.2 is the only version that Microsoft still presently supports so it is your best option. However, the other versions are sufficient for this workaround.

Step 2: Enable TLS 1.2 for .NET 4.0

Next you must enable TLS 1.2 support for the .NET Framework 4.0. There are two ways to achieve this:

Option 1: Registry change (server-wide change)

Download NET40-Enable-TLS-12.reg and run this .reg file on the server to update the registry. The server will need to be rebooted after applying this change. Note that this is a server-wide change and will affect all sites hosted on the server.

Option 2: BVC Code Change (site-specific change)

Add this line of code as the first line inside the Application_Start method in Global.asax:

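' 768 = TLS 1.1 and 3072 = TLS 1.2. The numeric values are used because the .NET 4.0 SecurityProtocolType enum does not define names for them.
System.Net.ServicePointManager.SecurityProtocol = System.Net.ServicePointManager.SecurityProtocol Or CType(768, System.Net.SecurityProtocolType) Or CType(3072, System.Net.SecurityProtocolType)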

Note that if you have multiple BVC 2013-2015 SP2 sites on the server you must apply this code change to each site.
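
To confirm that both steps took effect, a diagnostic helper like the one below can be added to the site temporarily. It is an added example, not BV Commerce code or code from the original post; the module and function names are hypothetical, and the host passed to TryTls12 is whichever HTTPS endpoint you choose to test against.

```vbnet
' Added example (not BV Commerce code). TlsCheck, Describe, Current and
' TryTls12 are hypothetical names chosen for this illustration.
Imports System.Collections.Generic
Imports System.Net
Imports System.Net.Security
Imports System.Net.Sockets
Imports System.Security.Authentication

Public Module TlsCheck
    ' Flag values shared by SecurityProtocolType and SslProtocols. Numbers are
    ' used because code compiled against .NET 4.0 has no Tls11/Tls12 names.
    Private Const Ssl3Bit As Integer = 48
    Private Const Tls10Bit As Integer = 192
    Private Const Tls11Bit As Integer = 768
    Private Const Tls12Bit As Integer = 3072

    ' Lists every protocol enabled in a SecurityProtocol bitmask, so you can
    ' see both what the workaround added and which older versions remain.
    Public Function Describe(ByVal mask As Integer) As String
        Dim names As New List(Of String)
        If (mask And Ssl3Bit) = Ssl3Bit Then names.Add("SSL 3.0")
        If (mask And Tls10Bit) = Tls10Bit Then names.Add("TLS 1.0")
        If (mask And Tls11Bit) = Tls11Bit Then names.Add("TLS 1.1")
        If (mask And Tls12Bit) = Tls12Bit Then names.Add("TLS 1.2")
        Return If(names.Count = 0, "none", String.Join(", ", names.ToArray()))
    End Function

    ' Step 2 check: the value currently in effect for this application.
    Public Function Current() As String
        Return Describe(CInt(ServicePointManager.SecurityProtocol))
    End Function

    ' Step 1 check: offer only TLS 1.2 in a handshake. This fails when the
    ' installed runtime or the remote host cannot negotiate TLS 1.2.
    Public Function TryTls12(ByVal host As String, ByVal port As Integer) As String
        Try
            Using client As New TcpClient(host, port)
                Using ssl As New SslStream(client.GetStream())
                    ssl.AuthenticateAsClient(host, Nothing, CType(Tls12Bit, SslProtocols), False)
                    Return "OK, negotiated " & ssl.SslProtocol.ToString()
                End Using
            End Using
        Catch ex As Exception
            Return "FAILED: " & ex.GetType().Name & ": " & ex.Message
        End Try
    End Function
End Module
```

Call TlsCheck.Current() after the line in Application_Start and write the result to your log. Because the workaround ORs the new flags into the existing value, any older protocol versions that were already enabled will still appear in the list.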

Developers and IT professionals can learn more about this topic by reading this Stack Overflow article and this blog post.

©2017 Develisys. All rights reserved.