
MDES DevZone Onboarding Process PreDig

The document outlines the procedure for generating Client IDs and Encryption Keys for the MasterCard Digital Enablement Service (MDES) Pre-Digitization API, detailing the steps for developers to register, create projects, and configure necessary keys in both MTF and Production environments. It includes version control, acronyms, and a comprehensive step-by-step guide for onboarding and key management. The document emphasizes the importance of accurate information and proper configuration to ensure successful integration with MasterCard's services.

Uploaded by

zemlyanoy.sergey

MasterCard Digital Enablement Service

Pre-Digitization API
Client ID and Encryption Key Generation Procedure
MTF and Production Environments
Version 2.3

24 July 2017
MDES – Developer Zone Onboarding – Pre-Digitization
Version 2.3

Version Control

Version  Version Date  Author          Description and Section
1.0      N/A           Robert Leonard  Initial document creation.
2.0      04/26/2017    Russ Forney     Updates for formatting and content changes.
2.1      05/25/2017    Russ Forney     Updates to the list of MasterCard Trusted Certificates. Updated list of supported TLS/SSL cipher suites.
2.2      07/11/2017    Russ Forney     Updates to Developer Zone onboarding and key generation process, to more closely align with user experience.
2.3      07/24/2017    Russ Forney     Updates to remove IP Whitelisting information.

Acronyms / Definitions

Acronym  Definition
API      Application Programming Interface
CA       Certificate Authority
CIS      Customer Implementation Services
CSR      Certificate Signing Request
IM       Implementation Manager
IP       Internet Protocol
KMS      Key Management Services
MC       MasterCard
MDES     MasterCard Digital Enablement Service
MTF      MasterCard Test Facility. This is MasterCard's customer-facing test environment. This environment may also be referenced as Sandbox.
SSL      Secure Socket Layer
TLS      Transport Layer Security
XMLGW    MasterCard XML Gateway. This gateway is used by external customers to access authorized MasterCard systems and resources.

Confidential and Proprietary Page 2 7/24/2017



Overview

This document describes the process an MDES Customer must follow for their developers to register
with the MasterCard Developer Zone, create an MDES Pre-Digitization project, and generate the needed
keys for the appropriate MasterCard environments.

Pre-Setup Information

The following information will be needed to describe the MDES Pre-Digitization setup in the Developer
Zone portal.

Developer Zone Service Name for access to Documentation: MDES PRE-DIGITIZATION

Process: Client ID and Encryption Key Generation Procedure

Environment: Member Test Facility (MTF) and Production

Access to Mock [Stubs] or Dynamic code: Dynamic Code Only

Process Overview Steps

This section describes the high-level steps required to implement an MDES Pre-Digitization
project through Developer Zone.

1. Register with the Developer Zone portal.


2. Create a New Pre-Digitization Project.
3. Move Project to Production environment.
4. Complete Your Company Profile.
5. Configure Your Project.
6. Create Production Key.
7. Create MasterCard Encryption Keys for Production environment. MasterCard uses the Issuer
Encryption Public Key (a.k.a. MasterCard Encryption Keys on MC Developer Portal Summary
Project page) to encrypt the ephemeral “single use” encryption key (in an RSA digital envelope)
and includes this as encryptedKey in the outbound request. The Issuer uses the Issuer
Encryption Private Key to decrypt this encryptedKey digital envelope and recover the ephemeral
“single use” key.
8. Create MasterCard Encryption Keys for MTF environment.
9. Request Keys for Downloading.
10. Import Encryption Keys into Keystore.
11. Provide the Client ID to CIS IM.
12. Retrieve publicKeyFingerprint for each Encryption Key.
13. Ensure your Internet appliance has access to Entrust Certificate Authority L1K certificate chain.
14. Ensure a Supported TLS/SSL Cipher Suite is Being Used.


Detailed Process Steps

Step 1 – Register with Developer Zone


1. Access Developer Zone by navigating to the following URL: https://developer.mastercard.com
2. Click the Sign Up link in the bottom left corner of the screen.
3. Complete all fields and select the following checkboxes (at minimum):
a. Enter a unique Username, to identify yourself in the Developer Zone. When creating a
username, avoid spaces and special characters.
b. Enter a valid Email Address. This will be used by Developer Zone, to communicate with
you.
c. Enter a valid Password for your account.
d. Click the reCaptcha “I’m not a robot” checkbox and select all applicable images. Upon
success, the check box will turn to a green check mark.

e. Click the “I agree to the Developer Program Agreement and Privacy Policy” terms and
conditions checkbox.
f. For additional help with the sign up process, use the additional links provided on the
right side of the screen.

4. Click the Sign Up button.


5. A pop-up message will be displayed, informing you that your account has been registered with
Developer Zone.
6. You will receive an e-mail at the e-mail address you registered with, as the final step of
activating your account. Follow the instructions in the e-mail and click on the Account
activation link, to complete the registration process.

Step 2 – Create a New Pre-Digitization Project


1. Access Developer Zone by navigating to the following URL: https://developer.mastercard.com
2. Log in, using the Username and Password that you created.
3. Create a new project by clicking the Create New Project button, in the upper right portion of the
screen.


4. Specify that your project will be using the MDES Pre-Digitization APIs, by performing the
following steps:
a. Select MDES Pre-digitization from the Choose API dropdown list. This is the API for the
Production environment.
b. Click the Add another API link, to select the API for the MTF environment.
c. Select MDES Pre-digitization MTF from the Choose API dropdown list.
d. Click the Continue button, to start creating your Pre-digitization project.

5. Enter a descriptive name for your project and click the Create My Project button.


6. A pop-up will be displayed, informing you that your Pre-Digitization project has been created.
Ignore the information about Keystore Password and Alias and click the Okay button.

7. At the bottom of the project creation screen, prompts will be displayed that allow downloading
and storing of the Developer Zone Sandbox environment key that was generated for the project.
Pre-Digitization API services are not available in the Sandbox environment, so this certificate is
not needed. Click the Cancel button to proceed without saving the Sandbox key.

Step 3 – Move Project to Production Environment


In the Mastercard enterprise, both the MTF and Production Pre-Digitization APIs can be accessed from
the Production environment. Since Pre-Digitization services are not available in the Developer Zone
Sandbox environment, the project must be moved to Production, in order to proceed. To move your
Pre-Digitization project to the Production environment, perform the following steps:

1. Before proceeding, the user should validate that the newly created Pre-Digitization project is
displayed on the screen. The project name should appear in the left navigation bar and be
displayed at the top of the Project screen.


2. The user should also validate that both the MDES Pre-digitization and MDES Pre-digitization
MTF APIs are associated to the project, by looking in the My APIs portion of the Project screen.

3. The project exists in the Developer Zone Sandbox environment (as noted at the top of the
Project screen) and must be moved to Production. To start this process, click the Move to
Production button, in the upper right portion of the screen.

4. When prompted to move the application to the production environment, click the Okay, got it
button.


Step 4 – Complete Your Company Profile


If you have newly registered to Developer Zone, you will need to provide additional details about your
company, before proceeding. Perform the following steps to update your Company Profile:

1. In the Name section, enter your First Name and Last Name.
2. Enter your Company Name.
3. In the Address section, provide valid address details for your company.
4. Enter a valid Phone Number where you can be reached, in the Contact field.
5. Click the Next button, to proceed to the next step in the process.

NOTE: It is critical that the customer enters valid and complete company information in this section.
Mastercard may need to periodically contact registered Developer Zone participants and
needs accurate contact information to do so.

Step 5 – Configure Your Project


The next step involves providing endpoint details that MDES will use to send its pre-digitization
messages to the customer. Perform the following steps to complete configuring your project:

1. Enter a valid endpoint (URL + TCP Port + Context Root) for MDES to use, when sending
Production pre-digitization messages to the customer in the MDES Pre-Digitization field. An
example might look like: https://www.mycompany.com:8543/prodweb


2. Enter a valid endpoint (URL + TCP Port + Context Root) for MDES to use, when sending MTF
pre-digitization messages to the customer in the MDES Pre-Digitization MTF field. An example
might look like: https://www.mycompany.com:4044/testweb
3. Click the Next button, to proceed to the next step in the process.

NOTE: It’s critical that the customer enters valid working endpoints in this step. Any
configuration changes to the endpoints after they are provided in this step will take 10
business days at minimum to be completed.

Step 6 – Create Production Key


The next step involves creating a Production Key that will be used by Mastercard for authentication.
Since Pre-Digitization is an outbound service to the customer, inbound authentication is not required.
This is still a required step, since Mastercard needs a portion of the information in this key, to complete
the project onboarding process. To do this, use one of the following 2 methods:

1. Upload your own CSR (preferred method), by using your key management system to generate the
private keys in some secure hardware store.
a. Select the Upload Existing CSR instead link.
b. Enter a descriptive name for the key, which identifies its purpose and environment, in
the Key Alias field. An example might look like: MyCompany-PreDig-ProdMTF.
c. Click the Browse button to find and upload that CSR file.
d. Click the Next button to upload the CSR, to generate a 2048-bit key pair that will be used
for Pre-Digitization.

NOTE: Make sure your CSR file is in PEM format

2. Use the Mastercard Open API browser-based key generator in the screen below and allow MC
Open API to generate a key for you.
a. Enter a descriptive name for the key, which identifies its purpose and environment, in
the Key Alias field.
b. Enter a password that will be used to encrypt the keys that the customer will receive, in the
Keystore Password field.
c. Click the Next button to generate a 2048-bit key pair that will be used for Pre-Digitization.


NOTE: Although this key is not “directly” used by the customer (i.e. Pre-Digitization API only
supports MDES outbound initiated requests to the customer), a portion of this key is used
“indirectly” by Mastercard, as a configuration parameter within the MDES database.
Hence, the customer is required to generate it.

Step 7 – Create MasterCard Encryption Keys for Production Environment


In this step you will create a PRODUCTION MasterCard encryption key pair. MDES will store the Public
Key and use it to wrap the one-time use ephemeral key in the payload of the outbound Pre-Digitization
API request, in the PRODUCTION environment. To do this, use one of the following 2 methods:

1. Upload your own CSR (preferred method), by using your key management system to generate the
private keys in some secure hardware store.
a. Select the Upload Existing CSR instead link.
b. Enter a descriptive name for the key, which identifies its purpose and environment, in
the Key Alias field. An example might look like: MyCompany-EncryptKey-PreDig-Prod.
c. Click the Browse button to find and upload that CSR file.
d. Click the Next button to upload the CSR, to generate a 2048-bit key pair that will be used
for Pre-Digitization.

NOTE: Make sure your CSR file is in PEM format

2. Use the Mastercard Open API browser-based key generator in the screen below and allow MC
Open API to generate a key for you.
a. Enter a descriptive name for the key, which identifies its purpose and environment, in
the Key Alias field.
b. Enter a password that will be used to encrypt the keys that the customer will receive, in the
Keystore Password field.
c. Click the Next button to generate a 2048-bit key pair that will be used for Pre-Digitization.

Step 8 – Create MasterCard Encryption Keys for MTF Environment


In this step you will create an MTF MasterCard encryption key pair. MDES will store the Public Key and
use it to wrap the one-time use ephemeral key in the payload of the outbound Pre-Digitization API
request, in the MTF environment. To do this, use one of the following 2 methods:

1. Upload your own CSR (preferred method), by using your key management system to generate the
private keys in some secure hardware store.
a. Select the Upload Existing CSR instead link.
b. Enter a descriptive name for the key, which identifies its purpose and environment, in
the Key Alias field. An example might look like: MyCompany-EncryptKey-PreDig-MTF.
c. Click the Browse button to find and upload that CSR file.
d. Click the Next button to upload the CSR, to generate a 2048-bit key pair that will be used
for Pre-Digitization.

NOTE: Make sure your CSR file is in PEM format


2. Use the Mastercard Open API browser-based key generator in the screen below and allow MC
Open API to generate a key for you (process illustrated below).
a. Enter a descriptive name for the key, which identifies its purpose and environment, in
the Key Alias field.
b. Enter a password that will be used to encrypt the keys that the customer will receive, in the
Keystore Password field.
c. Click the Next button to generate a 2048-bit key pair that will be used for Pre-Digitization.

Step 9 – Request Keys for Downloading


In this final step of the wizard that moves your project to the Mastercard Production environment, you
will request to download all of the Production and MTF keys that you provided information for in the
previous steps. Your key request will be reviewed by Mastercard’s Key Management team and an
approval e-mail will be sent to the e-mail address that you registered for Developer Zone with. To
request your Pre-Digitization keys, perform the following steps:

1. Click the Submit button to confirm and download keys.

2. The following acknowledgement screen will appear, along with an e-mail (examples below) sent
to your e-mail address. Click the OK button to complete the Pre-Digitization project wizard.

3. MasterCard will review the request and upon approval, you should expect to receive an e-mail
similar to the following, indicating that your certificate requests have been approved.


4. Until your API service requests have been reviewed and approved, the summary page for your
Developer Zone project will indicate a status of Pending Production Request. Once the API
requests have been reviewed and approved, this status will change to In Production.

Your API requests will also show a Pending status, until all approvals are complete.


Step 10 – Import Encryption Keys into Keystore


1. At the bottom of the screen you will be asked if you want to save or open the zip file containing
the generated keys. Click the Save button and save the zip file that contains your keys to your
local drive. Click the Open button, to open the zip file.

2. The zip file should contain your Production/MTF key, as well as the Production and MTF
encryption keys. The Production/MTF key (production.p12 key) can be ignored, since it is not
needed for Pre-Digitization. The encryption keys (encryption-mc.p12) are used by the customer
to decrypt the incoming Pre-Digitization requests from Mastercard. These should each be
imported into the keystore for the appropriate environment (Prod -> Prod and MTF -> MTF), at
the customer’s location.

Step 11 – Provide Client ID to CIS IM


As part of the move of your Pre-Digitization project for the Mastercard Production environment, you
should be working with a Customer Implementation Services Implementation Manager (CIS IM). You
must retrieve your Mastercard API Customer ID from your production key and provide it to your CIS IM.
To complete this, perform the following steps:

1. From the Developer Zone Project Summary page, go to the Production Keys section, click on the
Actions dropdown button, and select the Copy key option.


2. Paste the key value into an e-mail and send it to your CIS IM. Be sure to clearly state which
project the key is for. The first 48 characters of this key value (up to the exclamation point) will
be the Mastercard API Client ID, which will be used in both the MTF and Production
environments. An example of the key value, with Client ID highlighted in red, might be:
YmGQWCX2b-h0XFIH0F0-ld0X7gK96hpOgukp03pj38ef6a4f!90499c1d80c4417a824aedcec14ea6c00000000000000000

Step 12 – Retrieve publicKeyFingerprint for each Encryption Key


MDES will send the publicKeyFingerprint in each Pre-Digitization API request that the customer
receives. This value is used to indicate which Private Key should be used to unwrap the encryptedKey in
the payload of the Pre-Digitization API request. The publicKeyFingerprint of each MasterCard
Encryption Key (Production and MTF) can be obtained by completing the following steps:

1. From the Developer Zone Project Summary page, go to the Mastercard Encryption Keys section,
click on the Actions dropdown button, and select the Copy fingerprint option.

2. Paste the copied value into a document (Notepad, Word, etc.) and note that it is the
publicKeyFingerprint for the Production environment.


3. Associate that publicKeyFingerprint (from the Mastercard Production Encryption Key) to your
Production Private Key, so you will know which Private Key to use when performing
unwrap/decrypt operations on incoming Pre-Digitization requests in Production.
4. From the Developer Zone Project Summary page, go to the Mastercard MTF Encryption Keys
section, click on the Actions dropdown button, and select the Copy fingerprint option.

5. Paste the copied value into a document (Notepad, Word, etc.) and note that it is the
publicKeyFingerprint for the MTF environment.
6. Associate that publicKeyFingerprint (from the Mastercard MTF Encryption Key) to your MTF
Private Key, so you will know which Private Key to use when performing unwrap/decrypt
operations on incoming Pre-Digitization requests in MTF.
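
The key-selection rule from Steps 10 and 12 (one fingerprint per private key, Prod -> Prod and MTF -> MTF), as an added example that is not part of the original Mastercard document. The class and function names are hypothetical, the sample fingerprints are constructed, and the code assumes fingerprints are hex strings; the keystore aliases are the examples from Steps 7 and 8.

```python
"""Fail-closed private-key selection by publicKeyFingerprint (added example)."""
import re

ENVIRONMENTS = ("PROD", "MTF")


class KeySelectionError(Exception):
    """Raised when a request must not be decrypted with any local key."""


def normalize_fingerprint(value):
    """Undo copy/paste artifacts: whitespace, colon separators, letter case.

    Assumption: fingerprints are hex strings; anything else is rejected.
    """
    cleaned = re.sub(r"[\s:]", "", value).lower()
    if not re.fullmatch(r"[0-9a-f]+", cleaned):
        raise KeySelectionError("fingerprint is not a hex string")
    return cleaned


class FingerprintRegistry:
    """Maps each publicKeyFingerprint to one (environment, keystore alias)."""

    def __init__(self):
        self._entries = {}

    def register(self, fingerprint, environment, keystore_alias):
        if environment not in ENVIRONMENTS:
            raise ValueError("unknown environment: %r" % (environment,))
        fp = normalize_fingerprint(fingerprint)
        entry = (environment, keystore_alias)
        if self._entries.get(fp, entry) != entry:
            # The same fingerprint was noted for two different keys.
            raise KeySelectionError("fingerprint already bound to another key")
        self._entries[fp] = entry

    def select(self, fingerprint, endpoint_environment):
        """Return the keystore alias to unwrap encryptedKey with, or raise."""
        fp = normalize_fingerprint(fingerprint)
        if fp not in self._entries:
            # Fail closed: never try every private key in the keystore.
            raise KeySelectionError("unknown publicKeyFingerprint")
        environment, alias = self._entries[fp]
        if environment != endpoint_environment:
            raise KeySelectionError(
                "%s key referenced on the %s endpoint"
                % (environment, endpoint_environment))
        return alias


# Constructed sample fingerprints (not real values).
PROD_FP = "3f" * 32
MTF_FP = "9c" * 32


def build_sample_registry():
    registry = FingerprintRegistry()
    registry.register(PROD_FP, "PROD", "MyCompany-EncryptKey-PreDig-Prod")
    registry.register(MTF_FP, "MTF", "MyCompany-EncryptKey-PreDig-MTF")
    return registry
```
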

Step 13 – Ensure your Internet Appliance has access to Entrust Certificate Authority L1K
Certificate Chain
1. MasterCard will need to establish a mutual TLS connection with your Internet-facing appliance,
in order to initiate outbound web service calls to your previously designated endpoint.
2. In order for you to validate the MasterCard XMLGW Client certificate (when presented), you will
need to ensure your Internet appliance has access to a truststore containing the Entrust
Certificate Authority L1K certificate chain (which is the CA chain that issued the MasterCard
XMLGW Client certificate). Should you need to obtain this CA chain, you may download it from
the Entrust website (https://www.entrust.com/get-support/ssl-certificate-support/root-certificate-downloads/)
and import it into the appropriate truststore.

Example instructions are as follows:

a. If you are accessing the Entrust site from the appliance containing the truststore and
simply want to install the certificates, click the following buttons on the Entrust site.


i. Click the Download button to download your certificate.


ii. Click the Open button, when prompted.

iii. Select Install Certificate.


b. Or if you are accessing the Entrust site from a PC or server not connected to the
intended truststore and simply want to download the certificates, you may:
i. Click the Download button to download your certificate.
ii. Click the Save dropdown and select the Save Target As… option.
iii. Navigate to the directory that the certificate should be saved in.
iv. Click the Save button.
3. The MasterCard XMLGW has the following list of CAs it currently trusts to validate the signature
on the customer’s server cert. If the CA that signed the customer’s server cert is not present in
the list below, the customer can either use one of the CAs below to sign their server cert or
request their CIS representative to contact MasterCard KMS Technical Services, to determine if
additional CAs can be added to the list of MasterCard Trusted Certificates.

AC SUBORDINADA DEMO CERTICAMARA S.A


AC RAIZ DEMO CERTICAMARA S.A
Access Management root CA
MC Access Management sub CA
COMODO High-Assurance Secure Server CA
UTN-USERFirst-Hardware
COMODO RSA Certification Authority
AddTrust External CA Root
Cybertrust Public SureServer SV CA
Verizon Public SureServer CA G14-SHA2
Baltimore CyberTrust Root
COMODO RSA Extended Validation Secure Server CA
COMODO RSA Domain Validation Secure Server CA
tibgwp1.emiratesnbd.com
DigiCert Secure Server CA
DigiCert SHA2 Secure Server CA
DigiCert SHA2 Extended Validation Server CA
DigiCert High Assurance EV CA-1
DigiCert High Assurance CA-3
DigiCert SHA2 High Assurance Server CA
Entrust Certification Authority - L1K
Entrust Certification Authority - L1M
Entrust Root Certification Authority - G2
Entrust Certification Authority - L1C
Entrust.net Certification Authority (2048)
GeoTrust Global CA


Go Daddy Root Certificate Authority - G2


Go Daddy Secure Certificate Authority - G2
HomeSend-CA
ITF MC Production Network Applications root CA
ITF MC Production Network Applications sub CA
MasterCard MTF External Clients Root CA G1
MasterCard MTF External Clients Sub CA G1
72932-Inbound-Gateway-RSA-MTF
78554-FirstBankNigeira-NICSAPI-MTF
MasterCard PRD Access Management Root CA G2
MasterCard PRD Access Management Sub CA G2
MasterCard PRD Application Infrastructure Root CA G2
MasterCard PRD Application Infrastructure Sub CA G2
MasterCard PRD Corporate Network Root CA G2
MasterCard PRD Corporate Sub CA1
MasterCard PRD Corporate Sub CA2
MasterCard PRD Corporate Sub CA3
MasterCard PRD Corporate Sub CA4
MasterCard PRD Corporate Network Sub CA G2
MasterCard PRD External Customers Root CA G2
MasterCard PRD External Customers Sub CA G2
83235-mtf-testmerchant-acs-signer-desktop
86225-mtf-testmerchant-acs-signer-desktop
86224-mtf-testmerchant-acs-signer-desktop
86399-prod-misvalidation-acs-signer-desktop
86398-prod-misvalidation-acs-signer-desktop
MasterCard Public Sub CA Gen 3
MasterCard MTF Wallet Service Outbound Sub CA
PRD MC Corporate Network Root CA
PRD MC Corporate Network Sub CA
PRD MC External Clients root CA
PRD MC External Clients sub CA
Inbound Gateway Signing PRD MIP
Inbound Gateway Signing PRD CONSENT CHI 0
Inbound Gateway Signing PRD CONSENT CHI 1
Inbound Gateway Signing PRD CONSENT DAL 0
Inbound Gateway Signing PRD CONSENT DAL 1
Inbound Gateway PRD SwitchFly
Inbound Gateway Signing Syniverse CONSENT 01a
Inbound Gateway Signing Syniverse CONSENT 01b
Inbound Gateway Signing Syniverse CONSENT 00a
Inbound Gateway Signing Syniverse CONSENT 00b
Inbound Gateway Signing PRD BAC


Inbound Gateway Signing MTF BAC


Inbound Gateway MIP PROD Signing 00a
Inbound Gateway MIP PROD Signing 00b
Inbound Gateway MIP PROD Signing 01a
Inbound Gateway MIP PROD Signing 01b
73701-Inbound-Gateway-RSA-PRD
80818-Inbound-Gateway-PRD-ZUMIGO
PRD MC Messages Signing root CA
PRD MC Messages Signing sub CA
PRD MC Production Network Applications root CA
PRD MC Production Network Applications sub CA
Trustwave Organization Validation SHA256 CA, Level 1
kio.banamex.com
ionxmlqa-card.capitalone.com
*.s6.exacttarget.com
72944-visatokenservicescert-visa-com
www.txsprodrbm.com
thawte Primary Root CA
Thawte SSL CA
thawte SSL CA - G2
Network Solutions Certificate Authority
VeriSign Class 3 International Server CA - G3
VeriSign Class 3 Public Primary Certification Authority - G5
VeriSign Class 3 Secure Server CA - G3
Symantec Class 3 Secure Server CA - G4
Symantec Class 3 EV SSL CA - G3
VeriSign Universal Root Certification Authority
Symantec Class 3 Secure Server SHA256 SSL CA
WellsSecure Public Root Certification Authority 01 G2
Visa Information Delivery Root CA
Visa Information Delivery External CA
Visa Information Delivery External CA
WellsSecure Public Root Certification Authority 01 G2
WellsSecure Certification Authority 01 G2
WilliamKTY
OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US
VeriSign Class 3 Public Primary Certification Authority - G5
OU=Equifax Secure Certificate Authority,O=Equifax,C=US
OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US
MasterCard Public Root CA Gen 3
OU=RSA Security 2048 V3, O=RSA Security Inc


Step 14 – Ensure a Supported TLS/SSL Cipher Suite is Being Used


Ensure your Internet-facing appliance that establishes the connection with the MasterCard XMLGW
supports one of the following TLS/SSL cipher suites, in order to establish a Mutual TLS connection.
Should you require a cipher suite that is not in the supported list below, please contact your CIS IM, so
they may ask the MasterCard XMLGW team about adding additional cipher suites.

 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
 TLS_RSA_WITH_AES_256_CBC_SHA256
 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
 TLS_RSA_WITH_AES_256_CBC_SHA
 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
 TLS_RSA_WITH_AES_128_CBC_SHA256
 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 TLS_RSA_WITH_AES_128_CBC_SHA
 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
 TLS_ECDHE_RSA_WITH_RC4_128_SHA
 SSL_RSA_WITH_RC4_128_SHA
 TLS_ECDH_ECDSA_WITH_RC4_128_SHA
 TLS_ECDH_RSA_WITH_RC4_128_SHA
 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
 SSL_RSA_WITH_3DES_EDE_CBC_SHA
 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
 SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA

Confidential and Proprietary Page 21 7/24/2017


MDES – Developer Zone Onboarding – Pre-Digitization
Version 2.3

 SSL_RSA_WITH_RC4_128_MD5
 SSL_RSA_WITH_DES_CBC_SHA
 SSL_DHE_RSA_WITH_DES_CBC_SHA
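
The supported list mixes AES suites with RC4, 3DES and single-DES suites, so an appliance should enable only the strongest entries it shares with the gateway. The following added example (not Mastercard code; function names are hypothetical and the sample appliance configuration is constructed) parses the 38 suite names above, sorts them into prefer / legacy / reject, and orders the suites an appliance should enable.

```python
"""Triage of the XMLGW cipher-suite list from Step 14 (added example)."""
from collections import Counter

# The 38 suite names from the supported list, in the document's order.
XMLGW_SUITES = """
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA TLS_ECDHE_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_SHA TLS_ECDH_ECDSA_WITH_RC4_128_SHA
TLS_ECDH_RSA_WITH_RC4_128_SHA TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_DES_CBC_SHA SSL_DHE_RSA_WITH_DES_CBC_SHA
""".split()

MAC_RANK = {"SHA384": 0, "SHA256": 1, "SHA": 2}  # lower sorts first


def parse(name):
    """Split a suite name into (key exchange, cipher, MAC)."""
    left, right = name.split("_WITH_")
    key_exchange = left.split("_", 1)[1]       # drop the TLS_/SSL_ prefix
    cipher, mac = right.rsplit("_", 1)
    return key_exchange, cipher, mac


def cipher_issues(name):
    """Reasons to keep a suite disabled regardless of key exchange."""
    _, cipher, mac = parse(name)
    issues = []
    if cipher.startswith("RC4"):
        issues.append("RC4 (prohibited in TLS by RFC 7465)")
    elif cipher.startswith("3DES"):
        issues.append("3DES (64-bit block cipher)")
    elif cipher.startswith("DES"):
        issues.append("single DES (56-bit key)")
    if mac == "MD5":
        issues.append("MD5-based MAC")
    return issues


def forward_secret(name):
    """True for ephemeral key exchange (ECDHE/DHE); static RSA/ECDH is not."""
    return parse(name)[0].split("_")[0] in ("ECDHE", "DHE")


def classify(name):
    if cipher_issues(name):
        return "reject"
    return "prefer" if forward_secret(name) else "legacy"


def summary():
    return dict(Counter(classify(s) for s in XMLGW_SUITES))


def _sort_key(name):
    key_exchange, cipher, mac = parse(name)
    bits = int(cipher.split("_")[1])            # AES_256_CBC -> 256
    return (not forward_secret(name), -bits, MAC_RANK[mac],
            key_exchange.split("_")[0] != "ECDHE")


def enable_order(appliance_suites):
    """Suites to enable: shared with the XMLGW list, never 'reject'."""
    offered = set(appliance_suites)
    usable = [s for s in XMLGW_SUITES
              if s in offered and classify(s) != "reject"]
    if not usable:
        raise ValueError("no acceptable suite in common with the XMLGW list")
    return sorted(usable, key=_sort_key)


# Constructed appliance configuration; the GCM suite is not on the list above.
SAMPLE_APPLIANCE = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "SSL_RSA_WITH_RC4_128_SHA",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
]
```

Suites classified as legacy lack forward secrecy and sort after every preferred suite, so they are negotiated only as a fallback.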
