Customers can still transmit data via the Web Services channel with older TLS versions
We have repeatedly announced that TLS versions 1.0 and 1.1 will no longer be supported. The last time we told that it was not possible to send or retrieve materials via the Web Services channel after August 31, if the customer does not have a newer version 1.2 of the TLS protocol. Because a small part of our customers transmits data via the Web Services channel with older TLS versions, we could not prevent the transmission of data with the old TLS versions. We will tell you in the WHAT'S NEW section of op.fi when TLS versions 1.0 and 1.1 will no longer be supported.
Continue reading if your company is still transmitting data with older versions of TLS.
Why does support for old TLS versions will end?
This change will improve data security. With the change, we are preparing for known and unpublished data security vulnerabilities.
Weak encryption-related configurations have not been used in authentication services since the beginning of 2019. FICORA's (The Finnish Communications Regulatory Authority) regulation on electronic identification and trust services requires that version 1.2 or later of the TLS protocol must be used to encrypt data transmission.
Test TLS 1.2 in customer test environment
It is highly important that data communication between the customer and the bank is protected with TLS version 1.2. In the customer test environment of the Web Services channel, you can send or receive any payment data of your company between your own software and the bank. With such tests, you can ensure that the TLS encryption protocol will indeed protect data communication also in the production environment. If you need more information, please read: Technical guidance on the customer test environment (pdf)
Supported encryption algorithms
OP will update the protection settings of the Web Services channel (WS channel) and discontinues the use of the TLS 1.0 and TLS 1.1 protocols. At the same time, OP will stop supporting several old encryption algorithms (cipher suites). OP will support the following encryption algorithms (cipher suites):
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
What is Transport Layer Security (TLS)?
TLS is a data security protocol that ensures the protection and integrity of data between two communicating applications. It is widely used in web browsers and other applications requiring secure transfer of data over the network.
What is cipher suite?
A cipher suite is a set of cryptographic algorithms. The implementation of the TLS protocols uses algorithms from a cipher suite to create keys and encrypt information. A cipher suite is a set of algorithms that help secure a network connection that uses Transport Layer Security (TLS).
The greatest benefit of the payment transfer API solution is real-time payment
Our API solution enables companies to establish a secure, real-time connection between their apps and the bank.
The payment transfer API enables companies to initiate payments and retrieve account data directly from their systems.
The APIs are based on machine identification and JSON-format data and are easy to integrate into bank connection software as well as enterprise resource planning systems and other essential operational systems. Corporate customers using the payment transfer interface are identified by machine, using OAuth certificates.
The OP Developer page has more detailed interface descriptions of OP’s API products. It also includes instructions for sandbox testing of the payment transfer API products.