Update: As of 9:10am (SYD Time) 2nd May 2018 TLSv1.0 and TLSv1.1 has now been turned off at a network level across all Qvalent applications. This means if you try and connect using TLSv1.0 and TLSv1.1 you will receive a network level connection error.

.acs-side-bar {background-color: #FFFFFF;}

On this page

Related pages

• TLSv1.2 Browser Compatibility 
• Internet Explorer Support for TLSv1.2
• Visit the Browser TLS Version Check page

How do I know if we are ready for this change? 

After Quickstream disables TLS v1.0 and v1.1, any connection to Qvalent/Westpac services must use the TLS v1.2 encryption protocol. 

This change also impacts access to web to Westpac web sites and products such as: 

• Westpac Quickstream (including QuickWeb, QuickConnect, QuickVault, QuickView, QuickTerminal, QuickGateway etc.)
• Westpac PayWay (including PayWay Net, API, Virtual Terminal etc.)
• Westpac iLink and WIBS
• Westpac QuickSuper
• Westpac Payments Plus and Supplier Finance
• Westpac Invoice Finance
• Westpac Batch Advantage

There two are different channels that need encryption to access Qvalent/Westpac services. These channels are:

• Internet Browser
• API integrations

An overview of each are below:

Internet Browsers

 When  When using most browsers, you will not have trouble accessing Qvalent/Westpac services. But you may have trouble if:

•  You  You are not using a supported internet browser, or
•  Your  Your browser has disabled the supported encryption protocols

To quickly To quickly test your browser compatibility, you can visit our test page, which has TLS v1.0 and v1.1 disabled. 

If you are able to view the site without errors, access to services via your browser should not be impacted by this change. If  If you receive an error, the page displays Steps for Resolution. Following these steps will help you change the settings in your browser, or upgrade to a newer version.

API Integrations

After Quickstream disables TLS v1.0 and v1.1, any connection to Qvalent/Westpac services must use the TLS v1.2 encryption protocols 

API

integrations are interfaces

to Qvalent and Westpac services that are separate from

, but use

Qvalent and Westpac data. 

Examples of API integrations are:

• Secure token request for QuickWeb, QuickConnect, QuickVault, and PayWay Net.
• API requests for QuickGateway, QuickVault or PayWay API.

If you have implemented any

 of these features, make sure you have enabled the TLS v1.2 encryption protocol.

API Integrations that use OpenSSL will need to use OpenSSL 1.0.1 or newer. Earlier versions of OpenSSL do not support TLS 1.2 or TLS 1.1.

To test the compatibility of an API

integration to communicates with a Qvalent/Westpac service:

PayWay

1. Point your test environment to connect to the PayWay. You may have implemented
   • PayWay Net with a secure token request, or
   • PayWay API
2. Perform a secure token request or API request using the TEST merchant. 
   • If you do not receive an error message that resembles the error message below, then the underlying TLS connection was successful and your integration works with TLS v1.2. 

   • If you instead see an error message that

1. • resembles the error message below, then the test has failed. Your

1. • systems need adjustments or upgrades to

1. • properly with

1. • these services, when

To test the compatibility of an API client that uses REST to communicate with Quickstream:

1. Set up an API client in a test environment.

2. In that test environment, change the API client's access token retrieval endpoint hostname from login.Quickstream.com or [MyDomain].my.Quickstream.com to tls1test.Quickstream.com.

   1. As an example, change https://na1.Quickstream.com/services/oauth2/token to https://tls1test.Quickstream.com/services/oauth2/token while leaving the path as-is.

3. Alternatively, it's possible to change an API client's service URL from [instance].Quickstream.com or [MyDomain].my.Quickstream.com to tls1test.Quickstream.com.

   1. As an example, change https://na1.Quickstream.com/services/data/v32.0/ to https://tls1test.Quickstream.com/services/data/v32.0 while leaving the path as-is.

4. If you see an OAuth error, an "INVALID_SESSION_ID Authorization required" error, or a "400 Bad Request" error, then this test passed.

   1. The presence of this response means that the underlying TLS connection was successful, despite the higher-level error. The TLS connection is the focus of this test.

1. • we deactivate TLS v1.0 and v1.1.

     Code Block
     language text
     HTTP 403 error, TLSv1 is not strong encryption, please use TLSv1.2 instead

     
     

Quickstream

1. Re-instate your test environment to connect to the Qvalent/Westpac service test environment. You may have implemented 
   • a QuickWeb/QuickConnect/QuickVault with a secure token request, or
   • a QuickGateway
2. Perform a secure token request or API request to the test environment. 
   • If you do not receive an error message that resembles the error message below, then the underlying TLS connection was successful and your integration works with TLS v1.2. 

   • If you instead see an error message that resembles the error message below, then the test has failed. Your systems need adjustments or upgrades to properly with these services, when we deactivate TLS v1.0 and v1.1.

     Code Block
     language text
     HTTP 403 error, TLSv1 is not strong encryption, please use TLSv1.2 instead

     
     

iCIS HTTP File Transfers / Superannuation Messages

1. Re-instate your test environment to connect to the Qvalent/Westpac service test environment. You may have implemented 
   • a HTTP file transfer or
   • a QuickSuper gateway message
2. Perform a HTTP post to the test environment. 
   • If you do not receive an error message that resembles the error message below, then the underlying TLS connection was successful and your integration works with TLS v1.2. 

   • If you instead see an error message that

1. • resembles the error message below, then the test has failed. Your

1. • systems need adjustments or upgrades to

1. • properly with

1. • these services, when

1. • we deactivate TLS v1.0 and v1.1.

     Code Block
     language text
     HTTP 403 error, TLSv1 is not strong encryption, please use TLSv1.2 instead

     
     

What action do I need to take?  

To maintain access to Qvalent and Westpac services make sure your browsers and integrations have TLS v1.2 enabled. 

If your browser or integration does not have TLS v1.2 enabled after we make this change, then your users will NOT be able to access Quickstream. 

We recommend that you begin planning to support TLS v1.2 as soon as possible. If you are in a corporate environment, contact your I.T. administrator.

We only have a small number of users, all of whom use regular browsers. What action do we need to take?

 To maintain seamless access to Qvalent and Westpac services, make sure that browsers connecting to Quickstream have TLS v1.2 encryption or higher enabled. 

 Your end user can visit our test page, which has TLS v1.0 and v1.1 disabled to test their browser compatibility. Your end users do not need to update their browsers if they pass the test.

When will Qvalent/Westpac disable TLS v1.0 and v1.1 encryption?

We plan to disable TLS v1.0 and v1.1 encryption according to the following schedule:

Update: As of 9:10am (SYD Time) 2nd May 2018 TLSv1.0 and TLSv1.1 has now been turned off at a network level across all Qvalent applications. This means if you try and connect using TLSv1.0 and TLSv1.1 you will receive a network level connection error.

Where can I get more information?

Find out more about TLSv1.2 Browser Compatibility.

If you have Microsoft Internet Explorer, refer to the Internet Explorer Support for TLSv1.2 page for additional information.

If you have any additional questions, please reach out to Customer Support by opening a case via the Help & Training portal.contact our Quickstream Technical Support team.

  To report a security concern or vulnerability email security@qvalent.com