NAB recently sent out an email to schools stating that they are retiring several old security ciphers that the NAB Transact platform uses.
As a result we have had questions such as:
- Is this something that needs to be configured within Synergetic?
- Does this impact the parents ability to make a payment via the Community portal as we know once a payment has been made it creates a payment batch in Synergetic?
Synergetic supports TLS 1.3 and TLS 1.2 ciphers including:
- 0x13,0x01 TLS_AES_128_GCM_SHA256
- 0x13,0x02 TLS_AES_256_GCM_SHA384
- 0xC0,0x30 ECDHE-RSA-AES256-GCM-SHA384
- 0xC0,0x2F ECDHE-RSA-AES128-GCM-SHA256
- 0x00,0x9F DHE-RSA-AES256-GCM-SHA384
- 0x00,0x9E DHE-RSA-AES128-GCM-SHA256
These need to be configured and enabled in IIS.
Note that it's likely that your webserver will negotiate up from a weak cipher to one of the supported ones. Note also that we only support Windows Server 2016 and above.
There are tools that can help better understand your IIS instance (for example: Hardening your IIS web server configuration with IIS Crypto - Jonathan Crozier), and we publish hardening guidelines that should be of use IIS Server hardening guidelines.
Use the hardening guide for inspiration as ciphers are being updated all the time.
Clients can use SSL Server Test (Powered by Qualys SSL Labs) to test any of your websites to look for weak ciphers.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article