VP-ASP :: Shopping Cart Software

Shopping Cart Software Solutions for anywhere in the World

US/Canada(Toll Free): +1 888 587 2278
Europe/UK: +44 (020) 7193 9408
Australia/New Zealand: +61 3 9016 4497

VPCart BluePay TLS 1.2 Upgrade

If you are using BluePay payment gateway with VPCart then, you would have received the notification e-mail about an upcoming BluePay TLS security upgrade:

Subject : PCI SSC Has Mandated a TLS Security Upgrade

Mandated Security Update
Transport Layer Security (TLS) is the encryption technology used to protect communications to and from the BluePay gateway. As vulnerabilities are found in older versions of the technology it becomes necessary to discontinue use of those versions.

To be compliant, BluePay will be removing TLS 1.0 and TLS 1.1 from its servers on May 31, 2018. After the removal all connections to the BluePay gateway will need to use TLS 1.2.It is still recommended to verify and test TLS 1.2 compatibility prior to the removal date to insure that there are no issues.
Customer to server integrations such as hosted payment forms will be dependenton the customer's web browser supporting TLS 1.2. A list of compatible web browsers is below.
Server to server integration will require the application performing the post to BluePay to be TLS 1.2 capable. To aid with testing applications loadtest.stg.bluepay.com has been configured to only allow TLS 1.2 connections. This server is for connection testing only. It does not have access to production accounts and cannot be used to process transactions. TLS 1.2 connectivity can be tested by replacing the post URL with one of the following then attempting a transaction. The transaction response MESSAGE value will be "TLS 1.2 SUCCESS" if there is a successful connection.

BluePay 1.0 Post

BluePay 2.0 Post

BluePay 2.0 XML Post

To remain PCI compliant after June 30, 2018 merchants and partners must also limit connections to their servers to TLS 1.1 or above. It is recommended to use TLS 1.2.


We at VPCart have reviewed our BluePay Direct Post payment gateway module for this TLS security upgradeand we can confirm that this gateway is using HTTP Post method which will not be affected by this update.

Therefore, if you continue to get the notification e-mail from BluePay, you can ignore it.

For older VPCart versions (v7, v650 etc..) that still use older version of BluePay 2.0 gateway, this type of gateway is still using XML to communicate with BluePay and will not pass their upcoming TLS security upgrade. We would suggest you to upgrade to our very latest VPCart version and then only use the BluePay Direct Post gateway that you can download from https://www.vpasp.com/sales/epdownload800.asp.

If you have any questions regarding this, please submit a helpdesk ticket to us at https://helpdesk.vpcart.com.

Wilson K.
VPCart Customer Care

Back to Blog Dashboard


Leave a comment
Please enter the code shown into the box below
Code Image - Please contact webmaster if you have problems seeing this image code  Load new code
Back to Blogs Index