Posted: October 28, 2024
Corrected: October 29, 2024

As part of our commitment to maintaining the highest security standards, at the end of January 2025, we're updating the cipher suites used with the REPAY ClickToPay hosted credit card form in Sage 100. With the change, the TLS 1.2 cipher suite TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA will no longer be supported. This change is crucial for ensuring the continued security of our services and compliance with industry standards.

Important: After January 31, 2025, connections using unsupported ciphers will be refused, potentially disrupting your service.

Please review this announcement for supported cipher suites, instructions for testing your connection and related documentation. 

Action Required before January 31, 2025

1. Review your current Sage 100 server operating system, cipher suite usage and official Sage supported versions.
2. Update your operating system to use one of the supported cipher suites listed below.
3. Test your connection to ensure everything is working correctly. Instructions are included later in this note.

Supported Cipher Suites

TLS 1.3
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256

TLS 1.2

ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES256-GCM-SHA384
ECDHE-ECDSA-CHACHA20-POLY1305
ECDHE-RSA-CHACHA20-POLY1305
DHE_RSA_WITH_CHACHA20_POLY1305_SHA256

Test Your Connection

Here's a quick way to confirm whether the change will impact your Sage 100 ERP system:

On the Sage 100 server, open Internet Explorer 11 and navigate to the following URL: https://testportal.apsclicktopay.com. If it loads without error, your system will not be impacted. No action is necessary.

Test Your Connection in Sandbox (for IT and Sage Admins)

The ClickToPay sandbox environment is configured to only support the listed ciphers. To ensure your system supports these ciphers, in Sage 100 modify the ClickToPay URLs and point them to the sandbox environment.

To test connections:

1. In Sage 100, go to Library Master > URL Maintenance.
2. In the ClickToPay URLs, change:
   • portal.apsclicktopay.com to testportal.apsclicktopay.com
   • api.apsclicktopay.com to testapi.apsclicktopay.com
     
     
3. Now test the connection by adding a credit card to a customer.
   • Go to Accounts Receivable > Customer Maintenance and on the Additional tab click Credit Cards/ACH.
   • Select CC for the payment type and enter a payment ID. Click Add New. If the REPAY credit card form opens, your network connection is using a supported cipher suite.  
   • Click Cancel. Remember to change the ClickToPay URLs back to production.

ClickToPay URLs in Sage 100

https://portal.apsclicktopay.com/EasyPay
https://portal.apsclicktopay.com/EPay/Payments
https://api.apsclicktopay.com
https://portal.apsclicktopay.com/Invoices/ClickToPay
https://portal.apsclicktopay.com/order/pay
https://portal.apsclicktopay.com/Invoices/CustomerLink

Related Documentation

• REPAY for Sage 100 Release Notes
• Sage 100 Supported Versions (Sage)
• Windows Server 2012 and 2012 R2 reaching end of support (Microsoft)
• Lifecycle FAQ - Internet Explorer 11 End of Life (Microsoft)