From January 2020 onwards, the GoCardless API will discontinue support for TLS 1.0 and 1.1. This article provides instructions on how to check whether your integration is compatible with TLS 1.2 and how to upgrade if it's not.
Checking your integration
We have already updated the GoCardless Sandbox API to require TLS 1.2 as a minimum version so that you can test your connection prior to changing your integration in production.
If you make a request to our Sandbox API using and it returns a connection error, you will need to upgrade.
PHP
If you are using our PHP client library, you can run the following snippet to check whether your integration supports TLS 1.2:
$client = new \GoCardlessPro\Client(array(
'access_token' => "your_access_token",
'environment' => \GoCardlessPro\Environment::SANDBOX
));
$client->creditors()->list();
If you get a connection error, you will need to upgrade cURL and/or OpenSSL.
The GoCardless PHP client library uses Guzzle under the hood with cURL to connect to our API over HTTP.
You will need to ensure that you are using:
- cURL version 7.3.4 or newer
- OpenSSL 1.1.1 or newer
Java
If you are using our Java client library, you can run the following snippet to check whether your integration supports TLS 1.2:
import static com.gocardless.GoCardlessClient.Environment.SANDBOX;
String accessToken = "your_access_token";
GoCardlessClient client = GoCardlessClient
.newBuilder(accessToken)
.withEnvironment(SANDBOX)
.build();
for (Creditor creditor : client.creditors().all().execute()) {
System.out.println(creditor.getId());
}
If you get a connection error, you will need to upgrade to Java version 1.8.
You can upgrade your Java version by downloading a new copy of Java, or installing a newer version of OpenJDK.
.NET
If you are using our .NET client library, you can run the following snippet to check whether your integration supports TLS 1.2:
String accessToken = "your_access_token";
GoCardlessClient gocardless = GoCardlessClient.Create(accessToken, Environment.SANDBOX);
var creditorListResponse = gocardless.Creditors.All();
foreach (GoCardless.Resources.Creditor creditor in creditorListResponse)
{
Console.WriteLine(creditor.Name);
}
If you get a connection error, you will need to upgrade .NET Framework to 4.6 or above.
Alternatively, if you cannot upgrade to .NET Framework 4.6 and need to remain on 4.5.2, you can set the global security protocol in your application (https://docs.microsoft.com/en-us/dotnet/api/system.net.servicepointmanager.securityprotocol?view=netframework-4.5.2).
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls;
If you are using RestSharp to communicate with GoCardless, you will need to add the following line above the first request you make to GoCardless, to opt into TLS 1.2 support:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
| SecurityProtocolType.Tls11
| SecurityProtocolType.Tls;
Ruby
If you are using our Ruby client library, you can run the following snippet to check whether your integration supports TLS 1.2:
client = GoCardlessPro::Client.new(
access_token: "your_access_token",
environment: :sandbox
)
client.creditors.list
If you get a connection error, you will need to upgrade OpenSSL to version 1.1.1 or newer (see instructions below).
You may also need to re-install Ruby.
Python
If you are using our Python client library, you can run the following snippet to check whether your integration supports TLS 1.2:
import gocardless_pro
client = gocardless_pro.Client(access_token="your_access_token", environment='sandbox')
client.creditors.list().records
If you get a connection error, you will need to upgrade OpenSSL to version 1.1.1 or newer (see instructions below) and/or upgrade to Python 3.5 or newer. Python 2 will no longer be maintained and becomes end of life on 1 Jan 2020.
Other
You can check whether the HTTP client you’re using to communicate with GoCardless supports TLS 1.2 by hitting our Sandbox health check endpoint.
For example, using cURL:
$ curl https://api-sandbox.gocardless.com/health_check
{"active_record":"up","system":"up"}
Upgrading OpenSSL
RHEL/CentOS/Debian/Ubuntu/macOS
Check your version:
openssl version
This will return the version information for the OpenSSL version installed on your operating system. For modern operating systems you should be able to install via your package manager e.g.
# CentOS, Fedora, RHEL
sudo yum update openssl libcurl
# Debian, Ubuntu
sudo apt-get update && sudo apt-get install --only-upgrade openssl
# macOS
brew install openssl
After installation, verify you have version 1.1.1 or newer installed:
openssl version
If the version installed is not the latest, you may need to install OpenSSL from source.
Windows
In Windows you will need to update your development environment that bundles OpenSSL compatible libraries (e.g. your installation of Python, Ruby or PHP).