Compliance Alert – SEFAZ-SP shuts down SSL 3.0 and TLS 1.0 protocols for SATs

Update: Compliance Alert – SEFAZ-SP shuts down SSL 3.0 and TLS 1.0 protocols for SATs
Date: 2024-08-21

The São Paulo State Treasury Department (SEFAZ-SP) has announced that it will disable the SSL 3.0 and TLS 1.0 communication protocols for Electronic Receipt Authentication and Transmission System (SAT) devices. This change is set to enhance the security of tax receipt systems but may impact businesses that still rely on these older protocols.

The SSL 3.0 protocol was officially shut down on 12 August 2024. The TLS 1.0 protocol will follow, being deactivated on 1 October 2024. Starting at 08:30, SEFAZ-SP will begin the shutdown of the TLS 1.0 protocol. This maintenance is expected to last about two hours, during which communication between all SAT devices and SEFAZ may experience instability.

To avoid issues, it is recommended that new SATs are not activated during this time. After the maintenance, SAT devices that only communicate using SSL 3.0 or TLS 1.0 will no longer connect to SEFAZ. Businesses using SATs with these outdated protocols must update their systems to comply with SEFAZ-SP’s new requirements, ensuring they switch to more secure protocols like TLS 1.2.

Furthermore, SEFAZ-SP has provided a list of affected SAT models and the potential for updating to secure protocols in the above announcement. Businesses should check their equipment and make necessary updates to avoid disruptions in tax document processing. Failure to update may result in SATs being unable to communicate with SEFAZ-SP, leading to issues in issuing and validating tax receipts.

Have more questions? Submit a request