Skip to content
Documentation

TLS Troubleshooting

TLS Connection Problems Solving Guide

Section titled “TLS Connection Problems Solving Guide”

Client-Side Technical Checklist to Solve Virtual POS Connection Problems

The TLS configuration supported by the servers hosting our Paynkolay services is quite secure and complies with commonly used standards. However, some client-side applications or systems may not fully adapt to this configuration. This situation can lead to connection errors. The following checklist will help client-side technical personnel diagnose and resolve such problems.

TLS Version Control

Section titled “TLS Version Control”
  • Operating System:
    • Check the operating system’s default TLS settings. Especially on older operating systems, TLS 1.2 support may be disabled or additional configuration may be required.
    • Windows: Use the registry editor to ensure TLS 1.2 is enabled. You can find detailed examples on the internet or look at the page we prepared: Enabling TLS 1.2 with Registry on Windows Servers
    • Linux: Edit the /etc/ssl/openssl.cnf file to check settings related to TLS protocols.
  • Application Settings:
    • Examine the TLS settings of the applications or libraries used (for example, cURL, request library in Python). These settings are usually determined in configuration files or within the code.
    • There may be options where you can forcibly specify the TLS version.

Ciphersuite Compatibility

Section titled “Ciphersuite Compatibility”
  • Ciphersuites Supported by the Application: Check the list of ciphersuites supported by the application or libraries used. This information can usually be found in the application’s documentation or source code.
  • Ciphersuite Control with OpenSSL: You can list the ciphersuites supported by the system using OpenSSL on the command line:
    • openssl ciphers -v
  • Determine those that match the ciphersuites supported by your server.

Connection Tests

Section titled “Connection Tests”
  • Curl Command: Example:
    • curl -vvv --tlsv1.2 --ciphers TLSv1.2:ECDHE-RSA-WITH-AES_128_GCM_SHA256 https://the_domain
  • paynkolay Domain Example:
    • curl -vvv --tlsv1.2 --ciphers TLSv1.2:ECDHE-RSA-WITH-AES_128_GCM_SHA256 https://paynkolay.nkolayislem.com.tr

Minimum TLS 1.2 must be used. Supported Ciphersuites

Section titled “Minimum TLS 1.2 must be used. Supported Ciphersuites”
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_128_GCM_SHA256
  • TLS_RSA_WITH_AES_256_GCM_SHA384
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA