Migrate TLS

Introduction

Due to PCI-DSS compliance, from March 1st 2018, the PagSeguro postback endpoint will start to accept only TLS 1.2 connections. This means you will have to make a few adjustments in your integration. Two options are provided:

  1. Use the alternative endpoint;

  2. Connect to us using the TLS 1.2 protocol.

Option 2 requires server adjustments, which we know can be difficult. Therefore, option 1 is also available and requires minimal effort.

Checking TLS protocol version

To test whether your environment is ready for the TLS 1.2 protocol, send a request from your server to https://www.howsmyssl.com/a/check and check the TLS protocol version reported in the tls_version field of the response. If it is TLS 1.2, your environment is ready to connect using TLS 1.2 and no action is required.

PHP Example

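<?php

// Ask howsmyssl.com which TLS version this server negotiates by default.
$curl = curl_init('https://www.howsmyssl.com/a/check');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($curl);
if ($response === false) {
    // Connection or handshake failure: report it instead of decoding an empty body.
    die('Request failed: ' . curl_error($curl));
}
curl_close($curl);
$json = json_decode($response);
echo $json->tls_version;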

Alternative endpoint

To send postbacks using the TLS 1.0/1.1 protocols, you can use the alternative endpoint.

Alternative URL to postback
https://api.boacompra.com/notification

Change postback URL as follows

Old URL: https://billing.boacompra.com/boacompra.php
New URL: https://api.boacompra.com/notification

The new endpoint also supports sandbox transactions. To use them, set the parameter test_mode=1 in the POST request. If in doubt, please refer to the integration guide.

Sending with TLS 1.2 protocol

If only older TLS versions are available in your environment, changes to your environment are required.

Java

Java 5 or earlier: Does not support TLS 1.2. Please update it or use the alternative endpoint.

Java 6-7: Set TLS 1.2 through SSLContext.

Java 8 or later: TLS 1.2 is default.

Set TLS 1.2 through SSLContext

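import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;

// Build a context that negotiates TLS 1.2; null arguments keep the default key and trust managers.
SSLContext sc = SSLContext.getInstance("TLSv1.2");
sc.init(null, null, new java.security.SecureRandom());
// httpsURL is the java.net.URL of the endpoint you are connecting to.
HttpsURLConnection con = (HttpsURLConnection) httpsURL.openConnection();
con.setSSLSocketFactory(sc.getSocketFactory());

Java 6 requires at least Oracle update 6u115 or IBM Service Refresh 10.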

.NET

.NET Framework 4.0 or earlier: Does not support TLS 1.2. Please update it or use the alternative endpoint.

.NET Framework 4.5: Set TLS 1.2 through SecurityProtocol.

.NET Framework 4.6 or later: TLS 1.2 is default.

Set security protocol before the connection

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12

PHP, Ruby, Node and Python

OpenSSL must be updated to 1.0.1c or later on your operating system.

Force TLS 1.2 protocol in PHP (requires cURL 7.34.0 or later)

<?php
// 6 is the value of CURL_SSLVERSION_TLSv1_2.
curl_setopt($curl, CURLOPT_SSLVERSION, 6);

Ruby 2.0 or later is required.
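
For Python, the OpenSSL minimum above and the tls_version check from the first section can be combined into one readiness check. This is an added example, not code from the original guide; the function names and the sample response are constructed, and treating a reported version above TLS 1.2 as ready is an assumption.

```python
import json
import re
import ssl

MIN_OPENSSL = (1, 0, 1, "c")  # minimum OpenSSL release named on this page


def parse_openssl_version(text):
    """Turn 'OpenSSL 1.0.1c 10 May 2012' into the comparable tuple (1, 0, 1, 'c')."""
    match = re.search(r"(\d+)\.(\d+)\.(\d+)([a-z]*)", text)
    if match is None:
        raise ValueError("unrecognised OpenSSL version string: %r" % text)
    major, minor, fix, letter = match.groups()
    return (int(major), int(minor), int(fix), letter)


def openssl_supports_tls12(text):
    """True when the version string is OpenSSL 1.0.1c or later."""
    return parse_openssl_version(text) >= MIN_OPENSSL


def reported_tls12(response_body):
    """True when a /a/check response body reports TLS 1.2 in tls_version.

    Assumption: a newer reported version such as "TLS 1.3" also counts as ready.
    """
    version = str(json.loads(response_body).get("tls_version", ""))
    match = re.fullmatch(r"TLS (\d+)\.(\d+)", version)
    return match is not None and (int(match.group(1)), int(match.group(2))) >= (1, 2)


def tls12_context():
    """Client context that refuses anything below TLS 1.2 and still verifies certificates."""
    context = ssl.create_default_context()
    context.minimum_version = ssl.TLSVersion.TLSv1_2
    return context


def next_step(openssl_text, response_body):
    """Map both checks onto the actions this page describes."""
    if reported_tls12(response_body):
        return "ready"
    if openssl_supports_tls12(openssl_text):
        return "force TLS 1.2 in the client"
    return "update OpenSSL or use the alternative endpoint"


if __name__ == "__main__":
    SAMPLE = '{"tls_version": "TLS 1.0"}'  # constructed response, not captured output
    print(ssl.OPENSSL_VERSION, "->", next_step(ssl.OPENSSL_VERSION, SAMPLE))
```

Pass the result of tls12_context() as the context argument of urllib.request.urlopen or http.client.HTTPSConnection so the handshake fails instead of falling back to TLS 1.0/1.1.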