Enabling TLS 1.2 for Realex redirect payments


#1

Hi all,

We recently enabled Cloudflare on our website and we’re using Realex hosted/redirect payments for credit card payments. Since last year, Realex only supports TLS 1.2 so our customers were not being redirected back to our website after payment once Cloudflare was enabled. I enabled require modern TLS option in our admin panel but we’re still seeing the error. This was enabled only in the last few hours so I’m wondering does this take some time to update or should we see this issue fixed if this is the problem?
Thank you in advance
Daniel


#2

What’s the error you’re seeing? Cloudflare supports TLS 1.2 with or without the require modern TLS option being enabled (the option just blocks client downgrade requests).


#3

Thanks for the response. The error message we’re getting from our hosted payments page is ‘Your transaction has been successful but there was a problem connecting back to the merchant’s web site. Please contact the merchant and advise them that you received this error message’
I contacted our payments gateway provider and they informed me that Cloudflare doesn’t support the latest cipher suites by default so changed this setting. The last time we migrated server we were getting the same error message and I needed to update our payment provider with the new IP address. Might this be a similar issue?
Thanks
Daniel


#4

It might be an IP address issue. We’re pretty progressive on supported cipher suites. If you are using our free SSL certificate you might ask them if they support SNI. If they don’t you may need a dedicated certificate until they get around to adding support for it.
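
On the wire, "supports SNI" means the client names the host in the `server_name` extension of its TLS ClientHello. The following is an added example, not part of the thread and not Cloudflare's or Realex's code: it parses a ClientHello for that extension and for the offered TLS versions. The sample hellos are constructed offline with Python's `ssl` module, and `shop.example` is a placeholder host name.

```python
import ssl
import struct

def client_hello(server_name):
    """Build a ClientHello offline with Python's ssl module (constructed sample input)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # required to omit the name; nothing is ever connected
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the hello has been written and no server will answer
    return outgoing.read()

def parse_client_hello(record):
    """Return the SNI host name (or None) and the TLS versions the client offers."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    # Without supported_versions, legacy_version is the highest version offered.
    info = {"sni": None, "versions": [struct.unpack_from("!H", record, 9)[0]]}
    pos = 5 + 4 + 2 + 32                                  # headers, legacy_version, random
    pos += 1 + record[pos]                                # session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]   # cipher_suites
    pos += 1 + record[pos]                                # compression_methods
    if pos + 2 > len(record):
        return info                                       # no extensions, so no SNI
    end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", record, pos)
        body = record[pos + 4:pos + 4 + ext_len]
        if ext_type == 0:                                 # server_name
            name_len = struct.unpack_from("!H", body, 3)[0]
            info["sni"] = body[5:5 + name_len].decode("ascii")
        elif ext_type == 43:                              # supported_versions
            info["versions"] = [struct.unpack_from("!H", body, i)[0]
                                for i in range(1, 1 + body[0], 2)]
        pos += 4 + ext_len
    return info

if __name__ == "__main__":
    for name in ("shop.example", None):
        info = parse_client_hello(client_hello(name))
        print(name, info["sni"], [hex(v) for v in info["versions"]])  # 0x303 is TLS 1.2
```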


#5

Ok thanks for that. I see we’re actually on your free SSL cert but we had our own before. If I change the SSL setting to flexible will this then revert back to the cert we were on before?


#6

No, that would make the connection between Cloudflare and your origin http instead of https which you don’t want since you’re doing ecommerce. Cloudflare has to have an SSL cert on our edge to proxy https traffic since we inspect it for DDoS/WAF and page rules.

