thephpleague / omnipay-migs

MIGS driver for the Omnipay PHP payment processing library
MIT License

Switched from MD5 to MiGS enforced SHA256 #5

Closed jflaflamme closed 8 years ago

jflaflamme commented 8 years ago

MiGS starts to enforce SHA-256 in favour of MD5.

MiGS supports both MD5 and SHA-256 secure hash methods, however it is strongly recommended that new merchant integrations use SHA-256. MD5 is supported for existing merchant integrations.

Not a recent document, but local banks are starting to enforce it.

Reference: http://www.migssupport.com/Resources/Manuals/VirtualPaymentClient/MasterCard%20VPC%20Integration%20Guide%20MR%2029.pdf

delatbabel commented 8 years ago

Does this break any backwards compatibility for existing MIGS users?

I will merge this. If you can confirm that the merged dev-master works in production then I will tag for release.

jflaflamme commented 8 years ago

Yes, I use my dev-master in production mode.

As of now, using MD5, the migs-mtf will simply not work and gives an HTTP 400 error.

There is an ongoing project to block MD5 hash in MIGS. This is the reason for the 400 error.

Regarding omnipay, there are no different settings, so it is backward compatible. The MiGS API has been accepting both MD5 and SHA256 in production since 2011, but on MiGS MTF (the test server) they are phasing out MD5 support (version 2.5) in favour of version 3.

I think it is preferable to phase out MD5 as well to avoid 400 errors with omnipay-migs.

delatbabel commented 8 years ago

Tagged as v2.2.0 -- thanks for the contribution.