Implementing TLS 1.2 to Simplify


TCP/IP socket communication between the POS and Simplify can be implemented with or without an SSL security layer. Although no PCI data is exchanged between the POS and Simplify, some implementations add SSL for extra security. TLS 1.2 is the preferred implementation for SSL encryption. This document serves as a guide to implementing TLS 1.2.

Simplify Communication Diagram

Below is an overview of the SSL socket communication implemented by Simplify. No PCI-sensitive data is transmitted between the POS and Simplify.

[Diagram: Simplify PCI-sensitive data protection. See the paragraph just below.]

Simplify obtains account data from the PIN Pad, and sends the encrypted PCI-sensitive data with the transaction to Fusebox. The Simplify response to the POS does not contain any PCI-sensitive data. In the scenario diagrammed, all messages are sent by TCP/IP and encrypted using TLS 1.2.

General Guidelines

  1. The socket connection between the POS and Simplify can be configured with or without SSL encryption.

  2. Simplify supports the industry-accepted standard, TLS 1.2.

  3. There are 2 types of Simplify implementations:

    • Non-Pay at the Table - Simplify is the socket server to the POS.
    • Pay at the Table - Simplify is the socket client to the POS.

  4. OpenSSL is used to implement TLS 1.2. Please refer to the OpenSSL documentation for details.

  5. There are 2 types of certificates supported:

    • Self-Signed Certificate.
    • Certificate issued by a Certificate Authority.

    Since each Simplify device needs a certificate, Elavon recommends the use of a Self-Signed Certificate. Elavon can supply the POS provider with an Elavon-created certificate, or the merchant can opt to supply Elavon with its own Self-Signed Certificate.

  6. Please refer to the OpenSSL documentation for how to create a Self-Signed Certificate.

  7. The following ciphers are supported by Simplify: SSL_RSA | SSL_AES | SSL_3DES | SSL_RC4 | SSL_MD5 | SSL_SHA1 | SSL_SHA256, SSL_HIGH | SSL_NOT_EXP

  8. Since a Self-Signed Certificate is used, SSL will not verify the IP address of the server.
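
A POS-side client for the Non-Pay at the Table case (item 3), where Simplify is the socket server, written in Python as an added example; it is not Elavon's code. It enforces TLS 1.2 as a minimum, keeps IP/name matching off as item 8 describes while still pinning the device's self-signed certificate, and enables only strong suites on the POS side, since the list in item 7 includes RC4, 3DES and MD5. The function names, the certificate file path and the fingerprint value are assumptions.

```python
import hashlib
import hmac
import socket
import ssl

# Substrings of OpenSSL cipher names for the weak algorithms in the cipher list.
WEAK_MARKERS = ("RC4", "DES-CBC3", "MD5", "NULL", "EXP")


def build_pos_context(pinned_cert_file=None):
    """Client context for a POS connecting to a Simplify socket server."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSLv3, TLS 1.0 and 1.1
    # The self-signed certificate is not tied to the device's IP address, so
    # name/IP matching is off; the certificate itself must still verify.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_REQUIRED
    # Restrict this side to strong suites; the handshake can only select a
    # suite that both peers enable.
    ctx.set_ciphers("HIGH:!aNULL:!eNULL:!RC4:!3DES:!MD5")
    if pinned_cert_file:
        # Assumed path to the device's self-signed certificate (PEM): trust it only.
        ctx.load_verify_locations(cafile=pinned_cert_file)
    return ctx


def weak_ciphers(ctx):
    """Names of enabled suites that use RC4, 3DES, MD5, NULL or export keys."""
    return [c["name"] for c in ctx.get_ciphers()
            if any(m in c["name"] for m in WEAK_MARKERS)]


def fingerprint_matches(cert_der, expected_sha256_hex):
    """Constant-time comparison of a certificate's SHA-256 fingerprint."""
    actual = hashlib.sha256(cert_der).hexdigest()
    expected = expected_sha256_hex.replace(":", "").lower()
    return hmac.compare_digest(actual, expected)


def connect(host, port, ctx, expected_sha256_hex):
    """Open the TLS socket; reject a peer whose certificate is not the pinned one."""
    sock = ctx.wrap_socket(socket.create_connection((host, port), timeout=10))
    if not fingerprint_matches(sock.getpeercert(binary_form=True), expected_sha256_hex):
        sock.close()
        raise ssl.SSLError("peer certificate does not match the pinned fingerprint")
    return sock
```

Running `weak_ciphers()` on a context built from the full list in item 7 shows which weak suites the local OpenSSL build would still offer.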