TLS Security and Communication Settings
We regularly review our security settings and try to find an optimal balance between maximum security and backward compatibility. Due to current developments in communication standards and regulatory requirements, it is nevertheless necessary to make occasional adjustments to our communication endpoints.

TLS Version

For encrypted communication (HTTPS) with Saferpay, TLS 1.2 must be used as protocol for transport encryption. Unencrypted communication (HTTP) or earlier versions of TLS or SSL are not supported.

Cipher Suites

Furthermore, at least one of the following encryption algorithms (Cipher Suites) must be used to establish a connection to Saferpay:
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_DHE_RSA_WITH_AES_128_GCM_SHA256

Outgoing IP Addresses and ports, used by Saferpay

We do not recommend to rely on IP address whitelisting for security reasons as IP addresses can be easily faked by criminals. Experts call this "IP address spoofing".
Please note that the host names and IP addresses listed below may change from time to time on short notice or even without prior notification.
Saferpay uses the standard HTTP(S) ports 80/443 and the following host names:
  • www.saferpay.com for connecting to the production environment
  • test.saferpay.com for connecting to the sandbox (test environment)
For HTTP-based messages originating from Saferpay (e.g. transaction result notifications sent from Saferpay to merchant web servers) the following IP addresses are used:
  • 153.46.97.94
  • 153.46.244.84
  • 193.247.180.4
Last modified 22d ago