Restricted support for TLS 1.2

What is TLS?

TLS is the protocol that ensures a secure connection between two servers. TLS encrypts the data transmitted over that connection and protects it against interception.

Why limit the support of TLS 1.2?

We decided to stop supporting some of the cipher suites in TLS 1.2 that are now considered to offer less protection against newer attacks.

No changes for TLS 1.3 are planned at this time.

What does this mean for me?

On April 15th, 2025, Mollie will stop supporting TLS 1.2 connections whose algorithm (cipher suite) is not on the list of authorised algorithms below.

After this date, all other TLS 1.2 algorithms will no longer be supported, meaning API calls will no longer be accepted if you do not upgrade.

If you have TLS 1.2 configured, please use one of the following recommended algorithms:

1301 - TLS_AES_128_GCM_SHA256 TLS 1.3
1302 - TLS_AES_256_GCM_SHA384 TLS 1.3
1303 - TLS_CHACHA20_POLY1305_SHA256 TLS 1.3
C02F - ECDHE-RSA-AES128-GCM-SHA256 TLS 1.2
CCA8 - ECDHE-RSA-CHACHA20-POLY1305 TLS 1.2
C030 - ECDHE-RSA-AES256-GCM-SHA384 TLS 1.2
C02C - ECDHE-ECDSA-AES256-GCM-SHA384 TLS 1.2
CCA9 - ECDHE-ECDSA-CHACHA20-POLY1305 TLS 1.2
009E - DHE-RSA-AES128-GCM-SHA256 TLS 1.2
009F - DHE-RSA-AES256-GCM-SHA384 TLS 1.2
CCAA - DHE-RSA-CHACHA20-POLY1305 TLS 1.2

We highly recommend that you upgrade to TLS 1.3.

How can I check which TLS version and cipher suites our applications are currently using to connect to the API?

If you are interacting with Mollie via the API, you need to verify your software configuration to ensure that the specific ciphers are supported. The necessary steps vary depending on your operating system. Contact your administrator or network support team for assistance if needed.
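One way to run that check from the machine that makes the API calls, as an added example that is not Mollie's own tooling: it lists which suites from the list above the local TLS stack has enabled, then performs a handshake and reports the negotiated version and suite. It assumes the application uses the same Python and OpenSSL build as the script; the function names are hypothetical.

```python
import socket
import ssl
import sys

# Suite names exactly as listed on this page (OpenSSL naming), with their TLS version.
AUTHORISED = {
    "TLS_AES_128_GCM_SHA256": "TLSv1.3",
    "TLS_AES_256_GCM_SHA384": "TLSv1.3",
    "TLS_CHACHA20_POLY1305_SHA256": "TLSv1.3",
    "ECDHE-RSA-AES128-GCM-SHA256": "TLSv1.2",
    "ECDHE-RSA-CHACHA20-POLY1305": "TLSv1.2",
    "ECDHE-RSA-AES256-GCM-SHA384": "TLSv1.2",
    "ECDHE-ECDSA-AES256-GCM-SHA384": "TLSv1.2",
    "ECDHE-ECDSA-CHACHA20-POLY1305": "TLSv1.2",
    "DHE-RSA-AES128-GCM-SHA256": "TLSv1.2",
    "DHE-RSA-AES256-GCM-SHA384": "TLSv1.2",
    "DHE-RSA-CHACHA20-POLY1305": "TLSv1.2",
}


def is_authorised(version, cipher_name):
    """True if the negotiated (version, suite) pair is on the page's list."""
    return AUTHORISED.get(cipher_name) == version


def offered_authorised(ctx):
    """Suites enabled in this client context that are on the page's list."""
    return [c["name"] for c in ctx.get_ciphers() if c["name"] in AUTHORISED]


def probe(host, port=443, timeout=10):
    """Handshake with host and return (version, cipher_name) as negotiated."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "api.mollie.com"
    local = offered_authorised(ssl.create_default_context())
    print(f"authorised suites enabled locally: {len(local)}")
    version, name = probe(host)
    verdict = "on the list" if is_authorised(version, name) else "NOT on the list"
    print(f"{host}: {version} {name} -> {verdict}")
    sys.exit(0 if local and is_authorised(version, name) else 1)
```

An empty local list means the client cannot negotiate any authorised suite, even if today's handshake still succeeds with another one.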

If you are interacting with Mollie via the Web App (Dashboard), make sure your web browser is up-to-date. Modern and up-to-date browsers should automatically enforce the most recent version of TLS.

Important: TLS is an integral part of the operating system rather than a particular library or framework, so we strongly advise updating your systems wherever possible.

If you are using certificate pinning, it could limit the available cipher suites. Consult with your implementation team or network administrator whether this is the case.

How do I change my version?

Only the person responsible for your network infrastructure can upgrade your TLS version. Your TLS version is determined at the infrastructure level. This means that your server determines the level of encryption that is required.

I have updated my system configuration, how can I confirm that it works?

The scripts below are provided as examples. Consult with your implementation team or network administrator to confirm how to proceed.

If you are using a Windows-based operating system

You can execute a PowerShell script:

# Replace the placeholder with your own API key.
$headers = @{
    "Authorization" = "Bearer live_CHANGE_ME_TO_API_KEY"
}

try {
    # A valid response means the TLS handshake with the API succeeded.
    Invoke-WebRequest `
        -Uri "https://api.mollie.com/v2/payments?limit=5" `
        -Headers $headers `
        -Method Get `
        -Verbose
} catch {
    Write-Error $_.Exception.Message
}

It should result in a valid response returned by the Mollie API.

If you are using a Linux-based operating system

You can use the built-in curl utility to send a request to the Mollie API:

# The verbose output includes the negotiated TLS version and cipher suite.
curl \
  --silent \
  --verbose \
  --header "Authorization: Bearer live_CHANGE_ME_TO_API_KEY" \
  "https://api.mollie.com/v2/payments?limit=5"

Otherwise, you can force a specific TLS cipher by specifying it in the command:

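# --ciphers only applies to TLS 1.2 and below, so cap the version at 1.2 to test the chosen suite.
# If your curl build rejects this name, use the OpenSSL name from the list above: ECDHE-RSA-CHACHA20-POLY1305
curl \
  --silent \
  --verbose \
  --tls-max 1.2 \
  --ciphers "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" \
  --header "Authorization: Bearer live_CHANGE_ME_TO_API_KEY" \
  "https://api.mollie.com/v2/payments?limit=5"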

It should result in a valid response returned by the Mollie API.