On This Page

{#jumplink-list}  
[Markdown](/docs/cybs/en-us/platform/relnote/all/na/rn-2026-04-02/rn-announce/tls-1-3.md)  
Filter  
FILTER BY TAG

TLS Updates {#tls-1-3}
======================

We are making changes to our implementation of Transport Layer Security (TLS).

TLS 1.3
-------

To maintain the highest security standards for both browser-based and server-to-server connections, we will enable TLS 1.3 on the endpoints listed below. This enhancement is optional and will supplement the existing TLS 1.2 support, which will remain in place with no plans for removal.  
We will make changes to these endpoints on these dates:  
**Testing environment**: May 26, 2026  
*ics2wstesta.ic3.com*  
*ics2wstest.ic3.com*  
*apitest.cybersource.com*  
**Production environment**: June 2, 2026  
*ics2wsa.ic3.com*  
*ics2ws.ic3.com*  
*api.cybersource.com*  
*api.in.cybersource.com*  
*ics2ws.in.ic3.com*  
Contact Customer Support if you have any questions about these changes.

TLS Certificate Lifetime Reduction
----------------------------------

In alignment with new CA/Browser Forum regulations, the maximum TLS certificate lifetime will be reduced gradually as follows:  
• Currently, the maximum lifetime for a TLS certificate is 200 days.  
• Beginning March 15, 2027, the maximum lifetime for a TLS certificate will be 100 days.  
• Beginning March 15, 2029, the maximum lifetime for a TLS certificate will be 47 days.  
See this blog for more information about the TLS certificate lifetime changes:  
[tls-certificate-lifetimes-will-officially-reduce-to-47-days](https://www.digicert.com/blog/tls-certificate-lifetimes-will-officially-reduce-to-47-days "")  
**How will this change impact connectivity?**  
Server level (leaf) SSL/TLS certificates issued by Cybersource will remain valid until their scheduled expiration. Server level (leaf) TLS certificates have shorter lifespans and must be reissued more frequently. Cybersource therefore recommends that clients trust the root certificate instead.  
**What is our recommendation?**  
We continue to recommend trusting the Root TLS certificates for all secure endpoints. This approach removes the need for periodic renewal of server level certificates and helps prevent connection failures caused by expired leaf certificates.  
**How can I tell which TLS certificate I am using?**  
Contact your server administrator or your network support team.  
**Where can I find the TLS Root certificate?**  
Continue trusting the root certificate to maintain connectivity with supported endpoints. You can download the root certificate from this article:  
[?code=KA-09802](https://support.visaacceptance.com/knowledgebase/Knowledgearticle/?code=KA-09802 "")  
Contact your Customer Support representatives with any questions.  
RELATED TO THIS PAGE