Payment Service Requirement – TLS 1.0/1.1 to 1.2

Many payment services are now requiring your Spider server to transmit information using TLS version 1.2 as opposed  to TLS 1.0 or 1.1. This change needs to be made by your school’s IT staff as it is outside of the control of Spider. There are a variety of factors that will determine how this is done depending on the server’s OS and installed Dot Net Framework. In some cases, just disabling the TLS 1.0 and 1.1 protocols causes your IIS to throw the following error:

The underlying connection was closed: An unexpected error occurred on a send.

This will stop your Spider. This is partially due to the fact that Spider is running 32 bit applications and the 32 bit registry keys have not been updated. The following article from Microsoft explains how to resolve this issue. The full article can be read by using the hyperlink below.

https://support.microsoft.com/en-us/help/3206898/enabling-iis-manager-and-web-deploy-after-disabling-ssl3-and-tls-1-0

There are a variety of third-party tools to help with this task. PCSchool does not take any responsibility for their use. One school used the following tool to disable TLS 1.0 and 1.1 leaving just TLS 1.2 enabled:

https://www.nartac.com/Products/IISCrypto

In some cases, if there is somethings wrong in registry, the TLS 1.0 and 1.1 will be ticked but greyed out like the PCT .10 setting shown above. If this is the case, click on them again to ensure the check boxes are clear.

In one instance, where the school had the IIS on a separate server to the SQL instance, disabling TLS 1.0 and 1.1 on the Spider Server stopped the ODBC traffic, preventing their reports from printing. All other aspects of Spider functioned correctly. In this case, they made the registry entries for .Net 32bit and there DPS Payment Service still worked, as well as their printing.