What is happening?

Starting in September October 2024, we will begin enabling TLSv1.3 and disabling CBC ciphers which are now considered insecure, please see below the schedule for disablement. This approach will prevent any TLS connections that use only CBC ciphers from connection to access Qvalent/Westpac services as per our obligations for PCI compliance.

...

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)

ALL QVALENT TEST ENVIRONMENTS HAVE CBC CIPHERS DISABLED AND TLSv1.3 ENABLED

How do I know if we are ready for this change?

...

Westpac Quickstream (including QuickWeb, QuickConnect, QuickVault, QuickView, QuickTerminal, QuickGateway, REST etc.)
Westpac PayWay (including PayWay Net, API, Virtual Terminal etc.)
Westpac iLink
Westpac QuickSuper
Westpac Payments Plus
Westpac Invoice Finance
Westpac BankRec

There two are different channels that need encryption to access Qvalent/Westpac services. These channels are:

...

To quickly test your browser compatibility, you can visit our test page, which has the new TLS settings implemented.

...

Secure token request for QuickWeb, QuickConnect, QuickVault, and PayWay Net.
API requests for QuickGateway, QuickVault, PayWay API, REST API or iLink HTTPS/SOAP

If you have implemented any of these features, make sure you have enabled the TLS v1.2 encryption protocol.

...

Perform a API request to the test environment.
- If you do not receive a TLS handshake error message then the underlying TLS connection was successful using the updated ciphers.

PayWay

Point your test environment to connect to the PayWay. You may have implemented
- PayWay Net with a secure token request, or
- PayWay API
Perform a secure token request or API request using the TEST merchant.
- If you do not receive a TLS handshake error message then the underlying TLS connection was successful using the updated ciphers.

...

Services	CBC disablement and TLSv1.3 enablement schedule
Test environments (all) Web services https://ws.staging.qvalent.com/ https://ws.support.qvalent.com/ http://ccapi.staging.qvalent.com/ http://ccapi.support.qvalent.com/ iLink File transfers and WIBS http://ssiw.support.qvalent.com http://ssiw.staging.qvalent.com Westpac Quickstream https://quickstream.staging.qvalent.com https://quickstream.support.qvalent.com https://quickweb.support.qvalent.com https://quickweb.staging.qvalent.com https://api.quickstream.staging.qvalent.com https://api.quickstream.staging.qvalent.com https://api.quickstream.support.qvalent.com Westpac iLink https://ilink.support.qvalent.com https://ilink.support.qvalent.com Westpac Invoice Finance https://wbcif.support.qvalent.com Payments Plus (all brands, including) https://paymentsplus-wbc.staging.qvalent.com https://paymentsplus-sgb.staging.qvalent.com https://paymentsplus-wbc.support.qvalent.com https://paymentsplus-sgb.support.qvalent.com api.paymentsplus.support.qvalent.com api.paymentsplus.staging.qvalent.com PayWay (all brands, including) https://payway.staging.qvalent.com https://payway-stgeorge.staging.qvalent.com https://api.payway.staging.qvalent.com Westpac QuickService https://service.staging.qvalent.com QuickSuper (all brands, including) https://quicksuper.support.qvalent.com https://quicksuper-stgeorge.support.qvalent.com Supplier Finance https://supplierfinance.support.qvalent.com BankRec https://bankrec.support.qvalent.com https://bankrec.staging.qvalent.com https://api.bankrec.staging.qvalent.com https://api.bankrec.support.qvalent.com	.staging.qvalent.com was implemented 20th May, 2024. .support.qvalent.com will be have TLSv1.3 enabled and CBC ciphers disabled on 3rd of July 2024.
Production environments (web browser access) Westpac Quickstream https://quickstream.westpac.com.au https://quickweb.westpac.com.au PayWay (all brands, including) https://www.payway.com.au https://payway.stgeorge.com.au QuickSuper (all brands, including) https://quicksuper.westpac.com.au https://quicksuper.stgeorge.com.au Westpac iLink https://ilink.westpac.com.au Westpac Invoice Finance https://westpacinvoicefinance.qvalent.com Payments Plus (all brands, including) https://paymentsplus.westpac.com.au https://paymentsplus.stgeorge.com.au Westpac QuickService https://quickservice.westpac.com.au	October 2, 2024
Production environments (REST API integration): Rest Services https://api.paymentsplus.qvalent.com https://api.bankrec.qvalent.com https://api.payway.com.au https://api.quickstream.qvalent.com	October 8, 2024
Production environments (API integration): QuickGateway Web services http://ccapi.client.qvalent.com	October 15, 2024
Production environments (Token Requests): Token Requests https://ws.qvalent.com	October 22, 2024
Production environments (file transfer): iLink HTTPS transfers and WIBS http://ssiw.qvalent.com	October 29, 2024

...

No, extensions cannot be granted for this change.
As this change affects the cryptography offered to all customers via our SFTP server serviceweb services, all customers must be prepared for this change simultaneously for this change to occur.
If you are not ready for this change, you may need to prepare to change your SFTP client software or prepare to instigate iLink BCP and how it will need to interact with your financial systems.

Will there be a way to continue using the old cryptographic standards

No, the above-mentioned cryptographic functions will be disabled.

...

Versions Compared

Old Version 13

New Version Current

Key

What is happening?

How do I know if we are ready for this change?

PayWay

Will there be a way to continue using the old cryptographic standards

Page Comparison

Versions Compared

Old Version 13

New Version Current

Key

What is happening?

How do I know if we are ready for this change?

PayWay

Will there be a way to continue using the old cryptographic standards