/n software 3-D Secure V2 macOS Edition

Questions / Feedback?

Server Module

Properties   Methods   Events   Configuration Settings   Errors  

The 3DS Server component provides support EMV® 3-D Secure (EMV 3DS) functionality designed with a web server in mind.




This class is designed to be used in a web server, or in a process used by a web server to facilitate EMV® 3-D Secure (EMV 3DS) functionality. The class is used primarily for the browser-based flow, but also for some operations in the app-based flow as detailed in other parts of the documentation.

Connecting with SSL Client Authentication

Many directory servers require client authentication via a client certificate. The SSLCert* properties are used to load the SSL client certificate. In order to properly authenticate to the directory server the entire certificate chain must be presented to the directory server during the initial SSL handshake. The sections below describe options for making sure the CA chain is included.

Option 1: PFX With CA Certs

The first option is to specify a PFX file which includes both the client certificate, and CA certificates. In this case the class will read the CA certificates from the PFX file and include them in the request.

Option 2: SSLCACerts Configuration Setting

Another option is to specify the CA certificates separately from the client certificate. To do this the SSLCACerts configuration setting may be set to a CrLf separated list of CA certificates. For instance:

Option 3: CA Certs in Windows Store

When running on Windows the CA certificates will also be included in the request if they are present in the Personal store of the user under which the application is running.

Card Ranges

The application using the 3DS Server class should maintain a cache of card range information that can be queried when a transaction is initiated. The RequestCardRanges method will retrieve card range information to be cached.

RequestCardRanges requests card ranges and additional information from the directory server.

When a transaction is initiated, the first step that should be taken is to find information about the card range to which the card number belongs. This include the protocol version number supported by the ACS and DS, and if one exists, any corresponding Method URL (used in the browser flow).

Results of this method should be cached in order to quickly look up information for subsequent transactions. It is recommended to call this method once every 24 hours at a minimum, and once per hour as a maximum to refresh the cache.

The first time this method is called, SerialNumber will be empty, indicating that all results should be returned. The CardRange event will fire for each result that is returned. The results will also be held in the CardRanges property.

The class will not cache the returned values; it is up to the user to cache these values in an appropriate location. The SerialNumber will be populated after this method returns. The SerialNumber should also be saved to be used in the next call to this method.

When making subsequent calls to this method, set SerialNumber to the value received from the last response. This is an offset the server will use to return only new updates (if any) to the card ranges since the last request.

The following properties are applicable when calling this method:

The following properties are populated after calling this method:

When using ProtocolVersion 2.2.0, CardRanges may also include ACSInformationIndicator data. This provides additional information on the functionality that is supported for the card range. This field is a comma separate list of values returned from the server; possible values are:

  • 01 - Authentication Available at ACS
  • 02 - Attempts Supported by ACS or DS
  • 03 - Decoupled Authentication Supported
  • 04 - Whitelisting Supported
  • 80-99 - Reserved for DS Use

If an error is identified with the card range data received from the directory server when calling the RequestCardRanges method, the ResendRequestCardRanges configuration setting will be true, indicating that the request should be resent. When resending, if SerialNumber was specified for the initial request, it should be set to an empty string before calling RequestCardRanges again. Otherwise, the request can be sent without the serial number again, but the server may respond with an error due to multiple requests within an hour.

Note that retrieving card ranges can consume a lot of memory, especially when retrieving the initial set of ranges. The StoreCardRangeData and UseJsonDOM configuration settings can be set to help minimize the amount of memory used.

Method Invocation

The GetMethodData method prepares data to be transmitted to the ACS via the cardholder's browser.

When a transaction begins, the card range cache should be queried to find details about the card range to which the card number belongs. If a MethodURL is defined for the card range, this method should be used to prepare data to be sent via the cardholder's browser to the MethodURL.

If the MethodURL is not set for the specified card range, set MethodCompletionIndicator to U before calling SendAuthRequest.

The following properties are applicable when calling this method:

This method returns a string which contains encoded data to be sent to the ACS. This includes ServerTransactionId and MethodNotificationURL. After calling this method, the returned string can be transmitted to the ACS via the cardholder's browser.

As per the EMVCo specification, create a hidden iframe in the browser and send a form with the field name threeDSMethodData containing the return value from this method and post the form to the MethodURL.

The ACS will record information about the customer's environment and then POST back to the MethodNotificationURL. The page at this URL should expect a form variable with the name threeDSMethodData which will contain the original ServerTransactionId value in order to match the response with the request. The form variable value will be base64url encoded and may be passed directly to the CheckResponse method. The class will decode and parse the received value and populate ServerTransactionId with the value from the received data.

If the response from the ACS is not received within 10 seconds, set MethodCompletionIndicator to N before calling SendAuthRequest.

Sending the Authentication Request

SendAuthRequest begins the 3-D Secure transaction flow by sending an authentication request to the DirectoryServerURL.

After calling this method, check TransactionStatus to determine if the cardholder is authenticated (frictionless flow) or further cardholder interaction is required to complete the authentication (challenge flow).

Prior to calling SendAuthRequest, data must to be collected to facilitate fraud checks by the ACS. The following properties are applicable for both app-based and browser-based flows:

App-Based Flow

In the app-based flow, device specific information is prepared by the 3DS SDK on the customer's device. This is transmitted to the 3DS Server class via a secure channel, the specifics of which are outside the scope of the classs. Set ClientAuthRequest to this data prepared by the 3DS SDK.

Browser-Based Flow

Before calling this method, first check the cached card-range data to determine if a MethodURL has been set by the ACS. Card range data may be retrieved by calling RequestCardRanges.

If no MethodURL is present for the given card, set MethodCompletionIndicator to U.

If a MethodURL has been specified by the ACS for the card number, the URL must be loaded in the cardholder's browser to allow the ACS to collect additional browser information for risk-based decision making. See the GetMethodData for further details.

Once the method URL invocation is complete, the authentication request may be sent. If the method URL invocation failed, set MethodCompletionIndicator to N before calling SendAuthRequest.

The following additional properties are applicable in browser-based flow:

Response Handling

After calling this method the TransactionStatus property holds the result. Possible values are:

Transaction Status Description
Y Authenticated successfully
C Cardholder challenge required
N Not authenticated
A Not authenticated, but a proof of authentication attempt was generated in AuthenticationValue
U Not authenticated due to technical or other issue
R Not authenticated because the issuer is rejecting authentication
D Challenge required; decoupled authentication confirmed
I Informational only; 3DS Requestor challenge preference acknowledged

If the transaction is authenticated (Y or A), no further steps are required. The flow is considered frictionless and the 3-D Secure processing is complete. If processing a payment, the AuthenticationValue and AuthenticationECI values can be included as proof of 3-D Secure authentication.

If the transaction requires a cardholder challenge (C or D), further steps are required.

If the transaction is not authenticated, TransactionStatusReason may contain details about the reason.

The following properties are applicable after calling this method:

Response Handling - App-Based Flow

After calling this method, ClientAuthResponse is populated with data to be transmitted back to the 3DS SDK. If a challenge is required, the ClientAuthResponse data is used by the 3DS SDK to start when initiating the challenge process.

The 3DS Server is responsible for indicating to the 3DS SDK the results of the SendAuthRequest process, and whether or not a challenge is required. Exactly how this is done is outside the scope of the classs themselves. The response to the 3DS SDK over the secure channel should include information on what to do next.

Note: The TransactionStatus is also populated in the 3DS Server class and may be inspected prior to transmitting ClientAuthResponse back to the 3DS SDK.

Response Handling - Browser-Based Flow

If TransactionStatus is C, then additional steps are required to complete the authentication. The GetChallengeRequest method should be called next to obtain data to be sent to the ACSURL in an authentication window in the customer's browser. Once authentication is complete, the ACS will post the results to the ResultsURL value that was specified when calling SendAuthRequest.

See the GetChallengeRequest method for more details.

If TransactionStatus is D, then decoupled authentication has been accepted by the ACS. DecoupledConfirmationIndicator will have a value of Y as well. Authentication will happen outside of the 3-D Secure flow and, when complete, the ACS will post the results to the ResultsURL that was specified when calling SendAuthRequest.

The DecoupledTimeRemaining value, which is calculated based on the DecoupledMaxTimeout value sent in the initial authentication request, can be checked to see the amount of time remaining before decoupled authentication must be completed. If the ACS does not post the results before this value runs out, it can be assumed that decoupled authentication was not successful.

Challenge Interaction

If the TransactionStatus is C, a challenge is required.

The GetChallengeRequest method is used to build the Challenge Request (CReq) which will be sent in a form post to the ACSURL property via the cardholder browser.

An iframe should be created in the cardholder's browser, which will be used to send the challenge request and allow the cardholder and ACS to interact directly.

The size of the challenge window (iframe) may be any of the sizes listed in ChallengeWindowSize. Before calling this method set ChallengeWindowSize to the appropriate value to let the ACS know the size of the window on the cardholder's browser.

Calling this method will return a string which should be placed in a creq form variable.

The SessionData setting may also be set with any data that may be helpful to continue processing the transaction after the final challenge response is received at the NotificationURL. To prepare the session data for submission, query EncodedSessionData. The encoded string may then be placed in the threeDSSessionData form variable.

Note: The maximum length of the threeDSSessionData form variable, after being encoded, is 1024 bytes.

Example Form

Response Handling

Once the challenge has been completed by the cardholder, the directory server will post a Results Request (RReq) to the ResultsURL specified when calling SendAuthRequest. See CheckResponse and GetResultsResponse for more details.

The ACS will also post the Challenge Response to the NotificationURL specified when calling SendAuthRequest. This post contains data which may be parsed to verify the challenge results. See CheckResponse for more details.

Response Handling

After a challenge is complete, the Directory Server and ACS will POST data back to the web server for additional processing. CheckResponse parses a variety of messages that are sent to the Server as part of the authentication process.

The following messages can be parsed using this method:

When calling the method, pass the message to be parsed as the Response parameter. The properties which are populated after calling this method vary depending on the type of message being parsed. See below for additional information.

Method Data from MethodNotificationURL

After calling GetMethodData, a request is made to the MethodURL. After this, the ACS will make a POST to MethodNotificationURL to inform the requestor of completion. Retrieve the threeDSMethodData form variable value that was POSTed and pass it to this method. After calling this method, the following properties are populated:

The ServerTransactionId may be used to match the response with the request.

Results Request message from ResultsURL

When a challenge is completed for both app-based and browser-based flows, a POST is made to the ResultsURL with a Results Request message.

Prior to checking this RReq message, the ServerTransactionId can be extracted using the ExtractRReqServerTransactionId configuration setting. This value can then be used to look up details on the transaction that were saved prior to starting the challenge process, including the messageVersion which must be set via the ProtocolVersion configuration setting prior to passing the RReq message to the CheckResponse method.

Pass the body of the HTTP request received at ResultsURL to this method. This contains information about the results, and asks for a Results Response to be sent back containing the ResultsStatus.

After calling this method, the following properties are populated:

To respond to the POST, set ResultsStatus to the appropriate value and call GetResultsResponse to build a response message to be sent back to the directory server. Use the value from GetResultsResponse in your application as the body of the HTTP response. Set the Content-Type header to application/JSON; charset=utf-8

Final Challenge Response from NotificationURL

In a browser-based flow, the challenge takes place directly between the cardholder and the ACS in a separate iframe or window. The ACS will POST the final challenge response to the NotificationURL after the challenge is complete. Retrieve the cres form variable value from the POST data and pass it to CheckResponse. After calling this method the following properties are populated:

In addition to the cres variable, a threeDSSessionData variable will be present if SessionData was set before calling GetChallengeRequest. The threeDSSessionData value POSTed to NotificationURL may be passed to EncodedSessionData. Query SessionData to get the decoded session data.

Logging Notes

Logging in the component is handled through the Log event. This will fire anytime a message is built or a response is parsed, including error messages.

When the Log event is fired, the message in question is made available via the Message event parameter. Properties such as EphemeralKey and DeviceParams are also available when they are gathered by the Client. The other event arguments are LogType and LogLevel:

The LogType parameter indicates the type of the log entry. Possible values are:

  • "Info"
  • "RequestHeaders"
  • "ResponseHeaders"
  • "RequestBody"
  • "ResponseBody"
  • "ProxyRequest"
  • "ProxyResponse"
  • "FirewallRequest"
  • "FirewallResponse"
  • "AReq"
  • "ARes"
  • "CReq"
  • "CRes"
  • "RReq"
  • "RRes"
  • "PReq"
  • "PRes"
  • "Erro"
  • "EphemeralKey"
  • "DeviceParams"
The LogLevel configuration setting can be used to specify the detail of the logs raised through the Log event. The LogLevel parameter in the event indicates the log level to which the current message belongs.

It is recommended to output all messages raised in this event to a file for record keeping purposes, or for later debugging issues that may have come up.

The Server and Client components also have DataPacketIn and DataPacketOut events that fire anytime a data packet is received or sent, respectively. The entire data packet is then accessible in the DataPacket event parameter. For encrypted packets, this would contain the full encrypted data. This parameter may be inspected for advanced troubleshooting.

Property List

The following is the full list of the properties of the module with short descriptions. Click on the links for further details.

AccountTypeIndicates the type of account.
AcquirerBINAcquiring institution identification code.
AcquirerMerchantIdAcquirer-assigned merchant identifier.
ACSURLURL of the ACS to be used for the challenge.
AuthenticationECIValue to be passed in the authorization message.
AuthenticationIndicator3DS Requestor Authentication Indicator.
AuthenticationValueUsed to provide proof of authentication.
BillingAddressThe customer's billing address.
BrowserAcceptHeaderHTTP accept header sent from the cardholder's browser.
BrowserIPAddressIP address of the cardholder's browser.
BrowserJavaEnabledValAbility of the cardholder's browser to execute Java.
BrowserJavaScriptEnabledValAbility of the cardholder's browser to execute JavaScript.
BrowserLanguageThe cardholder's browser language.
BrowserScreenColorDepthThe screen color depth of the cardholder's browser.
BrowserScreenHeightThe screen height of the cardholder's browser.
BrowserScreenWidthThe screen width of the cardholder's browser.
BrowserTimeZoneThe timezone offset of the cardholder's browser.
BrowserUserAgentThe User-Agent provided by the cardholder's browser.
CardExpDateExpiration date of the PAN or Token.
CardholderEmailThe cardholder email address.
CardholderHomePhoneThe cardholder home phone number.
CardholderMobilePhoneThe cardholder mobile phone number.
CardholderNameName of the cardholder.
CardholderWorkPhoneThe cardholder work phone number.
CardNumberCustomer's account number that will be authenticated.
CardRangesA collection of card ranges to be added to or removed from the cache.
ChallengeCompleteWhether or not the challenge cycle is complete.
ChallengeWindowSizeChallenge window size.
ClientAuthRequestThe data received by the component to be sent in the authentication request.
ClientAuthResponseThe authentication response for an app-based flow.
DataPacketOutContains the data packet sent to the server.
DeviceChannelDevice channel.
DirectoryServerURLThe address of the Directory Server.
ErrorPacketThe error packet.
ExtensionsExtensions to be included in the next outgoing packet.
MerchantCategoryCodeMerchant category code.
MerchantCountryCodeCountry code of the merchant.
MerchantNameMerchant name.
MessageCategoryThe category of the message.
MethodNotificationURLThe URL to which the method notification will be posted.
NotificationURLThe notification URL to which the challenge response is sent.
ProxyA set of properties related to proxy access.
PurchaseAmountPurchase amount to be authorized.
PurchaseCurrencyIdentifies the type of currency used by the merchant.
PurchaseDateThe date of the transaction.
PurchaseExponentMinor units of currency.
RecurringExpDateRecurring expiration date.
RecurringFrequencyThe number of days between recurring payments.
RequestorIdDirectory server assigned 3DS Requestor identifier.
RequestorNameDirectory server assigned 3DS Requestor name.
RequestorURL3DS Requestor website or customer care site.
ResultsStatusThe status of the Results Request.
ResultsURL3DS Server URL.
SerialNumberSerial number indicating the state of the current card range cache.
ServerTransactionIdServer transaction identifier.
ShippingAddressThe customer's shipping address.
SSLAcceptServerCertEncodedThe certificate (PEM/base64 encoded).
SSLCertEncodedThe certificate (PEM/base64 encoded).
SSLCertStoreThe name of the certificate store for the client certificate.
SSLCertStorePasswordIf the certificate store is of a type that requires a password, this property is used to specify that password in order to open the certificate store.
SSLCertStoreTypeThe type of certificate store for this certificate.
SSLCertSubjectThe subject of the certificate used for client authentication.
SSLServerCertEncodedThe certificate (PEM/base64 encoded).
TimeoutA timeout for the component.
TransactionStatusThe transaction status from the last parsed message (ARes, RReq, or CRes).

Method List

The following is the full list of the methods of the module with short descriptions. Click on the links for further details.

AddExtensionAdds an extension to the collection.
AddRequestFieldAdds a field to the data in the request.
CheckResponseParses the specified message.
ConfigSets or retrieves a configuration setting.
GetChallengeRequestBuilds the Challenge Request (CReq) for browser-based flow.
GetMethodDataPrepares method data to be sent to the ACS before the authentication request is sent.
GetResultsResponseBuilds and returns the Results Response Message (RRes) to be sent back to the directory server.
InterruptInterrupts the current action.
RequestCardRangesRequests card ranges from the directory server.
ResetClears all properties to their default values.
ResetTransactionInfoResets transaction specific information.
SendAuthRequestSends the authentication request to the directory server.

Event List

The following is the full list of the events fired by the module with short descriptions. Click on the links for further details.

CardRangeFired when the response to a Preparation Request Message (PReq) is received.
DataPacketInFired when receiving a data packet from the server.
DataPacketOutFired when sending a data packet to the server.
ErrorInformation about errors during data delivery.
LogFires once for each log message.
MessageExtensionFired when a Message Extension is present in a message being parsed.
SSLServerAuthenticationFired after the server presents its certificate to the client.
SSLStatusShows the progress of the secure connection.

Configuration Settings

The following is a list of configuration settings for the module with short descriptions. Click on the links for further details.

AccountAgeIndicatorCardholder Account Age Indicator.
AccountChangeDateCardholder Account Change Date.
AccountChangeIndicatorCardholder Account Change Indicator.
AccountDateDate cardholder account opened.
AccountDayTransactionsNumber of account transactions in the last day.
AccountIdCardholder Account Identifier.
AccountPasswordChangeDateCardholder Account Password Change Date.
AccountPasswordChangeIndicatorCardholder Account Password Change Indicator.
AccountProvisioningAttemptsNumber of account provisioning attempts in the last day.
AccountPurchaseCountCardholder Account Purchase Count.
AccountYearTransactionsNumber of account transactions in the last year.
ACSChallengeMandatedIndicatorACS Challenge Mandated Indicator.
ACSOperatorIdACS identifier assigned by DS.
ACSReferenceNumberUnique ACS Reference Number.
ACSRenderingInterfaceChallenge interface type presented to cardholder.
ACSRenderingUITemplateChallenge type presented to cardholder.
ACSSignedContentString value of the JWS object of the ARes message created by the ACS.
ACSTransactionIdUnique transaction identifier assigned by the ACS.
AddressMatchAddress Match Indicator.
AllowNullMethodURLAllow null MethodURL when retrieving card ranges.
AuthenticationTypeType of authentication method used by the issuer.
BroadInfoBroadcast Information.
CardholderInformationInformation text presented to Cardholder during the transaction.
ChallengeCancellationIndicatorChallenge Cancellation Indicator.
ChallengeTimeRemainingAmount of time left to complete challenge.
ClearCustomRequestFieldsClear the custom request fields internal collection.
ContinueParsingCardRangesOnErrorWhether or not to continue parsing card ranges when a validation error is encountered.
DecoupledConfirmationIndicatorACS Decoupled Confirmation Indicator.
DecoupledMaxTimeout3DS Requestor Decoupled Max Time.
DecoupledRequestIndicator3DS Requestor Decoupled Request Indicator.
DecoupledTimeRemainingTime remaining before a RReq should be received during a decoupled authentication.
DeliveryEmailAddressMerchandise Delivery Email Address.
DeliveryTimeframeMerchandise Delivery Timeframe.
DSEndProtocolVersionDS End Protocol Version.
DSReferenceNumberDS Reference Number.
DSStartProtocolVersionDS Start Protocol Version.
DSTransactionIdDirectory server transaction ID.
EMVPaymentTokenIndicatorEMV Payment Token Indicator.
EMVPaymentTokenSourceEMV Payment Token Source.
EncodedSessionDataEncoded session data that is sent in the challenge request and returned in the challenge response.
ErrorCodeCode from the last error message.
ErrorDescriptionDescription from the last error message.
ErrorDetailAdditional details from the last error message.
ExtractRReqServerTransactionIdExtacts the ServerTransactionId from the RReq packet.
GiftCardAmountTotal gift card(s) amount.
GiftCardCountTotal number of gift cards purchased.
GiftCardCurrencyGift Card Currency.
IncomingExtensionCountThe number of extensions received from the directory server.
IncomingExtensionCritical[Index]Whether the extension is critical.
IncomingExtensionData[Index]The extension data as JSON.
IncomingExtensionId[Index]The id of the specified extension.
IncomingExtensionName[Index]The extension name.
IncomingRawExtensionsThe full JSON formatted extension data received from the directory server.
InstalmentPaymentDataMax authorizations permitted for installment payments.
InteractionCounterInteraction Counter.
LogLevelLevel of logging enabled.
MaskSensitiveWhether to mask sensitive data in the Log event.
MessageTypeType of message that is passed.
MethodCompletionIndicator3DS Method Completion Indicator.
OutgoingRawExtensionsThe full JSON formatted extension data sent to the directory server.
PaymentAccountAgePayment Account Age.
PaymentAccountAgeIndicatorPayment Account Age Indicator.
PersistCustomRequestFieldsWhether or not to store custom request fields for subsequent requests.
PreOrderDateExpected date pre-ordered purchase will be available.
PreOrderPurchaseIndicatorPre-Order Purchase Indicator.
PriorAuthData3DS Requestor Prior Transaction Authentication Data.
PriorAuthMethod3DS Requestor Prior Transaction Authentication Method.
PriorAuthTimestamp3DS Requestor Prior Transaction Authentication Timestamp.
PriorReference3DS Requestor Prior Transaction Reference.
ProtocolVersionProtocol version identifier.
ReorderItemsIndicatorReorder Items Indicator.
ReqAuthData3DS Requestor Authentication Data.
ReqAuthMethod3DS Requestor Authentication Method.
ReqAuthTimestamp3DS Requestor Authentication Timestamp.
RequestorChallengeInd3DS Requestor Challenge Indicator.
ResendRequestCardRangesWhether or not to resend the card ranges request.
ServerOperatorId3DS Server identifier.
SessionDataSession data that is sent in the challenge request and returned in the challenge response.
ShipAddressUsageDateShipping address first usage date.
ShipAddressUsageIndicatorShipping address usage indicator.
ShipIndicatorShipping method indicator.
ShipNameIndicatorShipping Name Indicator.
StoreCardRangeDataWhether or not to store the card ranges in the CardRanges collection.
SuspiciousAccountActivitySuspicious account activity indicator.
ThreeRIIndicator3RI Indicator.
TransactionStatusReasonReason for value of TransactionStatus.
TransactionTypeTransaction Type.
UseAESGCMWhether or not to use AESGCM as the encryption algorithm.
UseJsonDOMWhether or not the component should build an internal DOM when parsing card ranges.
WhitelistStatusWhitelist Status.
WhitelistStatusSourceWhitelist Status Source.
XChildCountThe number of child elements of the current element.
XChildName[i]The name of the child element.
XChildXText[i]The inner text of the child element.
XElementThe name of the current element.
XParentThe parent of the current element.
XPathProvides a way to point to a specific element in the returned XML or JSON response.
XSubTreeA snapshot of the current element in the document.
XTextThe text of the current element.
LogSSLPacketsControls whether SSL packets are logged when using the internal security API.
OpenSSLCADirThe path to a directory containing CA certificates.
OpenSSLCAFileName of the file containing the list of CA's trusted by your application.
OpenSSLCipherListA string that controls the ciphers to be used by SSL.
OpenSSLPrngSeedDataThe data to seed the pseudo random number generator (PRNG).
ReuseSSLSessionDetermines if the SSL session is reused.
SSLCACertsA newline separated list of CA certificate to use during SSL client authentication.
SSLCheckCRLWhether to check the Certificate Revocation List for the server certificate.
SSLCipherStrengthThe minimum cipher strength used for bulk encryption.
SSLEnabledCipherSuitesThe cipher suite to be used in an SSL negotiation.
SSLEnabledProtocolsUsed to enable/disable the supported security protocols.
SSLEnableRenegotiationWhether the renegotiation_info SSL extension is supported.
SSLIncludeCertChainWhether the entire certificate chain is included in the SSLServerAuthentication event.
SSLNegotiatedCipherReturns the negotiated ciphersuite.
SSLNegotiatedCipherStrengthReturns the negotiated ciphersuite strength.
SSLNegotiatedCipherSuiteReturns the negotiated ciphersuite.
SSLNegotiatedKeyExchangeReturns the negotiated key exchange algorithm.
SSLNegotiatedKeyExchangeStrengthReturns the negotiated key exchange algorithm strength.
SSLNegotiatedVersionReturns the negotiated protocol version.
SSLProviderThe name of the security provider to use.
SSLSecurityFlagsFlags that control certificate verification.
SSLServerCACertsA newline separated list of CA certificate to use during SSL server certificate validation.
TLS12SignatureAlgorithmsDefines the allowed TLS 1.2 signature algorithms when UseInternalSecurityAPI is True.
TLS12SupportedGroupsThe supported groups for ECC.
TLS13KeyShareGroupsThe groups for which to pregenerate key shares.
TLS13SignatureAlgorithmsThe allowed certificate signature algorithms.
TLS13SupportedGroupsThe supported groups for (EC)DHE key exchange.

Copyright (c) 2022 /n software inc. - All rights reserved.
/n software 3-D Secure V2 macOS Edition - Version 2.2 [Build 8374]