Versions Compared

Old Version 75

changes.mady.by.user Qvalent Quickstream

Saved on

compared with

New Version Current

changes.mady.by.user Qvalent Quickstream

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
WarningWhat is

Update: As of 9:10am (SYD Time) 2nd May 2018 TLSv1.0 and TLSv1.1 has now been turned off at a network level across all Qvalent applications. This means if you try and connect using TLSv1.0 and TLSv1.1 you will receive a network level connection error.

Warning

What is happening?

Starting in December 2015, we will begin disabling the TLS v1.0 and v1.1 encryption protocols

. This

, please see below the schedule for disablement. This approach will prevent

any TLS

any TLS v1.0 and v1.1 connection

to access

to access Qvalent/Westpac services

. No access from any TLS v1.0 and v1.1 connection will allowed after June 30, 2018.

as per our obligations for PCI compliance. 


Style
.acs-side-bar {background-color: #FFFFFF;}



Info

Why is this happening?

At Qvalent we treat the protection of our customers' data very seriously. Sometimes we need to make security improvements and retire older encryption protocols. This allows us to maintain the highest security standards and promote the safety of your data. 

To maintain alignment with these best practices and updated compliance requirements from the PCI Security Standards Council,  Qvalent will disable the use of TLS v1.0 and v1.1 for connections to Qvalent/Westpac services.

Note that as of the 23rd Dec 2015 the PCI have has now granted an extension for existing customers to migrate from TLSv1.0 & TLSv1.1 to TLSv1.2 from 30th June 2016 to 30th June 2018, however all new customers must be on-boarded using TLSv1.2.

PCI Council grants extension for existing TLS customers to 30th June 2018


On this page

Table of Contents
maxLevel1

Related pages

 

 

 




How do I How do I know if we are ready for this change? 

After Quickstream disables TLS v1.0 and v1.1, any connection to Qvalent/Westpac services must use the TLS v1.2 encryption protocol. 

This change also impacts access to Westpac web sites and products such as: 

  • Westpac Quickstream (including QuickWeb, QuickConnect, QuickVault, QuickView, QuickTerminal, QuickGateway etc.)
  • Westpac PayWay (including PayWay Net, API, Virtual Terminal etc.)
  • Westpac iLink and WIBS
  • Westpac QuickSuper
  • Westpac Payments Plus and Supplier Finance
  • Westpac Invoice Finance
  • Westpac Batch Advantage

There two are different channels that need encryption to access Qvalent/Westpac services. These channels are:

  • Internet Browser
  • API integrations

An overview of each are below:


Internet Browsers

 When using most browsers, you will not have trouble accessing Qvalent/Westpac services. But you may have trouble if:

  •  You are not using a supported internet browser, or
  •  Your browser has disabled the supported encryption protocols

To quickly test your browser compatibility, you can visit our test page, which has TLS v1.0 and v1.1 disabled. 

If you are able to view the site without errors, access to services via your browser should not be impacted by this change. If you receive an error, the page displays Steps for Resolution. Following these steps will help you change the settings in your browser, or upgrade to a newer version. 


Info

Find out more about TLSv1.2 Browser Compatibility.

If you have Microsoft Internet Explorer, refer to the Internet Explorer Support for TLSv1.2 page for additional information.



API Integrations

After Quickstream disables TLS v1.0 and v1.1, any connection to Qvalent/Westpac services must use the TLS v1.2 encryption protocols 

API integrations are interfaces to Qvalent and Westpac services that are separate from, but use Qvalent and Westpac data. 

Examples of API integrations are:

  • Secure token request for QuickWeb, QuickConnect, QuickVault, and PayWay Net.
  • API requests for QuickGateway, QuickVault or PayWay API.

If you have implemented any of these features, make sure you have enabled the TLS v1.2 encryption protocol.

Info

API integrations that use Java will generally need to use Java 8 or higher to enable TLS v1.2 by default. You may also use Java 7 and enable TLS v1.2 using the https.protocols Java system property. You may also need to make code changes to enable TLS v1.2.

Services that run on Windows Server systems and use Microsoft Secure Channel for TLS must run on Windows Server 2008 R2 or higher.  This generally includes most .NET applications and Microsoft Internet Information Server (IIS). Earlier versions of Windows Server do not support TLS v1.2. Refer to the Internet Explorer Support for TLSv1.2 page for additional information.

API Integrations using NSS will need to use 3.14 or newer (preferably 3.15.1 or newer). Versions before 3.15.1 do not support TLS 1.2.

To test the compatibility of an API integration to communicates with a Qvalent/Westpac service:

PayWay

  1. Point your test environment to connect to the PayWay. You may have implemented
    • PayWay Net with a secure token request, or
    • PayWay API
  2. Perform a secure token request or API request using the TEST merchant. 
    • If you do not receive an error message that resembles the error message below, then the underlying TLS connection was successful and your integration works with TLS v1.2. 

    • If you instead see an error message that resembles the error message below, then the test has failed. Your systems need adjustments or upgrades to properly with these services, when we deactivate TLS v1.0 and v1.1.

      Code Block
      languagetext
      HTTP 403 error, TLSv1 is not strong encryption, please use TLSv1.2 instead


Quickstream

  1. Re-instate your test environment to connect to the Qvalent/Westpac service test environment. You may have implemented 
    • a QuickWeb/QuickConnect/QuickVault with a secure token request, or
    • a QuickGateway
  2. Perform a secure token request or API request to the test environment. 
    • If you do not receive an error message that resembles the error message below, then the underlying TLS connection was successful and your integration works with TLS v1.2. 

    • If you instead see an error message that resembles the error message below, then the test has failed. Your systems need adjustments or upgrades to properly with these services, when we deactivate TLS v1.0 and v1.1.

      Code Block
      languagetext
      HTTP 403 error, TLSv1 is not strong encryption, please use TLSv1.2 instead

 

 

What action do I need to take?  


To maintain access to Qvalent and Westpac services make

iCIS HTTP File Transfers / Superannuation Messages

  1. Re-instate your test environment to connect to the Qvalent/Westpac service test environment. You may have implemented 
    • a HTTP file transfer or
    • a QuickSuper gateway message
  2. Perform a HTTP post to the test environment. 
    • If you do not receive an error message that resembles the error message below, then the underlying TLS connection was successful and your integration works with TLS v1.2. 

    • If you instead see an error message that resembles the error message below, then the test has failed. Your systems need adjustments or upgrades to properly with these services, when we deactivate TLS v1.0 and v1.1.

      Code Block
      languagetext
      HTTP 403 error, TLSv1 is not strong encryption, please use TLSv1.2 instead




What action do I need to take?  

To maintain access to Qvalent and Westpac services make sure your browsers and integrations have TLS v1.2 enabled. 

If your browser or integration does not have TLS v1.2 enabled after we make this change, then your users will NOT be able to access Quickstream. 

We recommend that you begin planning to support TLS v1.2 as soon as possible. If you are in a corporate environment, contact your I.T. administrator.


We only have a small number of users, all of whom use regular browsers. What action do we need to take?

 To maintain seamless access to Qvalent and Westpac services, make sure that browsers connecting to Quickstream have TLS v1.2 encryption or higher enabled. 

 Your end user can visit our test page, which has TLS v1.0 and v1.1 disabled to test their browser compatibility. Your end users do not need to update their browsers if they pass the test.

 

 



When will Qvalent/Westpac disable TLS v1.0 and v1.1 encryption?

We plan to disable TLS v1.0 and v1.1 encryption according to the following schedule:

 



ServicesTLS v1.0 and v1.1 disablement schedule

Test environments (all)

Expand
titleSee more...
.qvalent.com
paymentsplus-met
support
PayWay
  • QuickSuper (all brands, including)
payway
staging
payway
staging
Westpac QuickService
service
staging
QuickSuper (all brands, including)


Was disabled on December 7, 2015

Production environments (web browser access)

quicksuper
support
qvalent
com
quicksuper-stgeorge
support
qvalent
comSettlement Service
settlementservice
support
qvalent.comSupplier Finance
supplierfinance
support
qvalent
comDecember 7, 2015

Production environments (API integration and file transfer):

Web serviceshttp
ccapi
qvalent
ws
qvalent
File transfers and WIBShttp
ssiw
April 18, 2018Production environments (web browser access)
  • Westpac
Quickstream
quickstream
quickweb
westpac
.auPayWay (all brands, including)
www
payway
payway
stgeorge
.au
QuickSuper
  • Payments Plus (all brands, including)
quicksuper
quicksuper
Westpac Batch Advantage
batchadvantage
qvalent
com
  • Westpac
iLink
ilink
Invoice Finance
westpacinvoicefinance
Westpac Merchant Onlinehttps://merchantonline.westpac.com.au
  • Westpac
Online Payables
olpWestpac QuickService
  • Payments Plus (all brands, including)
    • October 9, 2017 (Done)

    Production environments (API integration):

    		October 9, 2017 (Done)

    Production environments (Token Requests):

    quickservice
    westpac
    .au
  • Westpac Settlement Service
    • Westpac Supplier Financehttps://supplierfinance
    		October 16, 2017 (Done)

    Production environments (file transfer):

    May 2, 2018
    October 23, 2017 (Done)

    * Note, dates are subject to change.

     


     

     Update: As of 9:10am (SYD Time) 2nd May 2018 TLSv1.0 and TLSv1.1 has now been turned off at a network level across all Qvalent applications. This means if you try and connect using TLSv1.0 and TLSv1.1 you will receive a network level connection error.


    Where can I get more information?

    Find out more about TLSv1.2 Browser Compatibility.

    If you have Microsoft Internet Explorer, refer to the Internet Explorer Support for TLSv1.2 page for additional information.

    If you have any additional questions, please contact our Quickstream Technical Support team.

      To report a security concern or vulnerability email security@qvalent.com

    Download summary

    QuickStreamPayWay
    View file
    nameDisabling of TLSv1 and v1.1 For Westpac Quickstream and WIBS.pdf
    height250
    View file
    nameDisabling of TLSv1 and v1.1 For Westpac PayWay.pdf
    height250

     

     



    Note

    Disclaimer

    These guidelines are general in nature and have been prepared without knowledge of the specific environment in which your systems operate. These guidelines are current at the time of writing, but may require update over time. They should not be forwarded to any other party without Westpac’s written consent. Except where contrary to law, Westpac intends by this notice, to exclude liability for these guidelines and the information contained in them. While Westpac has made every effort to ensure these guidelines are free from error, Westpac does not warrant their accuracy, adequacy or completeness.