Migrate TLS


Due to PCI-DSS compliance, from March 1st 2018, the PagSeguro postback endpoint will start to accept only TLS 1.2 connections. This means you will have to make a few adjustments in your integration. Two options are provided:

  1. Use the alternative endpoint;

  2. You connect with us using TLS 1.2 protocol.

Option 2 requires server adjustments, which we know can be difficult. Therefore, option 1 is also available and requires minimum effort.

Checking TLS protocol version

To test if your environment is prepared to TLS 1.2 protocol, send a request from your server to https://www.howsmyssl.com/a/check and check which is TLS protocol version (by tls_version in response), if is TLS 1.2, your environment is ready to send connections with TLS 1.2 protocol and no action is required.

PHP Example


$curl = curl_init('https://www.howsmyssl.com/a/check');
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($curl);
$json = json_decode($response);
echo $json->tls_version;    

Alternative endpoint

To send postback using TLS 1.0/1.1 protocol, you can uses alternative endpoint.

Alternative URL to postback

Change postback URL as follows
Old urlNew Url
The new endpoint also supports sandbox transactions. For such, please set the parameter test_mode=1 in the POST request. In case of any doubts please refer to the integration guide.

Sending with TLS 1.2 protocol

If older TLS versions are available, we'll require changes in your environment.


Java 5 or earlier: Does not support TLS 1.2. Please update it or use the alternative endpoint

Java 6-7: Set to use TLS1.2 by SSLContext.

Java 8 or later: TLS 1.2 is default.

Set TLS1.2 by SSLContext

SSLContext sc = SSLContext.getInstance("TLSv1.2");
sc.init(null, null, new java.security.SecureRandom());
HttpsURLConnection con = (HttpsURLConnection) httpsURL.openConnection();
In Java 6 it's required at least oracle’s update 6u115 or IBM Service Refresh 10


.NET Framework 4.0 or earlier: Does not support TLS 1.2. Please update it or use the alternative endpoint

.NET Framework 4.5: Set to use TLS1.2 by SecurityProtocol

.NET Framework 4.6 or later: TLS 1.2 is default.

Set security protocol before the connection

ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12

PHP, Ruby, Node and Python

It’s necessary to update openssl to 1.0.1c or later in your operating system

Force TLS 1.2 protocol in PHP (requires CURL 7.34.0 or later)

curl_setopt ($curl, CURLOPT_SSLVERSION, 6);
It’s necessary ruby 2.0 or later