FAQ – Frequently Asked Question 

1- What action do I need to take? 

You will need to check with your networking team or host/solution provider to confirm your connection is connecting through TLS 1.2 and using one or more of the below supported ciphers suites. Please be advised that you will need to work with your networking team or your host/solution provider to apply one or more of the below cipher suites to your connection to IPAY88.  

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)  256 
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   128 
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)        256 
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)        128 

2- How can I check which cipher suite my connection to IPAY88 endpoint is using? 

You will need to check with your networking team or your host/solution provider to confirm your connection to IPAY88. You can also use a Network Traffic Capture tool (such as Wireshark) to analyse your connection. 

3- Can I test if my connection to IPAY88 endpoint will not be impacted before the announced deadlines? 

Yes. You may test your connection using https://www.ssllabs.com/ssltest/index.html . 

If your connection to IPAY88 endpoint is already using one of the supported ciphers (listed below), then there is no action needed as long as you maintain those supported ciphers.  

If your connection to IPAY88 endpoint does not have any of the below listed Cipher Suites, then you will need to make sure you add one or more of those cipher suites and to one of IPAY88 endpoints in Production environment 

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)  256  
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   128 
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)        256 
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)        128 

4- What error message I will get if I am not using any of the matched cipher suites? 

Error message can varies depending on your server. Please consult with your networking team or your host/solution provider on how your server may handle connectivity error.