Visa regularly reviews supported encryption standards to provide one of the best in the world encryption protections for our APIs. As part of that commitment, we are deprecating older security protocols (ciphers) that do not meet current industry standards for connecting to our REST APIs.
If you have a project on Visa Developer Platform that connects to REST APIs, please note that several of the protocols or cipher suites will be deprecated in VDP Sandbox and Certification by June 21st, 2023, and in VDP Production by February 21st, 2024.
VDP is deprecating the use of CBC ciphers. After these dates, if your project is using one of the impacted protocols or suites, support for cipher suites will be removed and your application will become incompatible.
Moving forward, VDP will only support the following protocols and cipher suites for encrypted communication:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
Actions Required:
Using the steps below, we strongly recommend you immediately test your system to determine if it is compatible with the new security requirements. If the test fails, you will need to plan for upgrading your system and verifying compatibility.
- TEST: First, check your current system’s compatibility by making API calls to VDP Sandbox or Certification environment.
- UPGRADE: If you are unable to successfully connect to the Sandbox or Certification environment and you receive an SSL handshake error (such as “Unsupported cipher suite”), you may need to upgrade your operating system’s security components. You may need to make configuration changes in your application to update the underlying software dependencies.
- VERIFY: Once you have made the necessary changes, verify your upgraded system can connect successfully to the same test endpoint.
Action: Follow our tips for identifying connection errors and upgrading your environment for compatibility:
The following table shows the only cipher suites supported by VDP and the Java version support.
Cipher Suite |
Java 7 |
Java 8 and later |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 |
No |
Yes |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 |
No |
Yes |
TLS_RSA_WITH_AES_256_GCM_SHA384 |
No |
Yes |
TLS_RSA_WITH_AES_128_GCM_SHA256 |
No |
Yes |
If you are using Java 8 or later, you should be able to connect to Visa without any issues.
Java 7 is end of life and should not be used. You will need to use Java 8 or above.
Our normal REST API endpoint already supports the stronger cipher suites, so you can promptly cut over your production traffic once the changes have been verified.
If you have any questions or need support, please contact your designated Visa Account Manager directly.