Authorize.Net, DPM, relay response and TLS 1.0

I think I lost almost 8 hours to this. We have an app that integrates with Authorize.Net via DPM and no matter what I did I couldn’t get the relay response to work. The app was working fine last year; the only change (I thought) was that this year I pointed it at their new Akamai endpoint. I also couldn’t get into my sandbox account so I had to create a new one, but I couldn’t think of anything in the new one that would have caused the dreaded error message below:

An error occurred while trying to report this transaction to the merchant…

I thoroughly read through the go-to community post on the subject and it said that ultimately the problem is that Authorize.Net can’t reach my server. So I checked my DNS entries, all public and valid. And then I checked them from multiple networks around the globe and, once again, all valid. I checked my cert, totally fine and not a self-cert. Then I did tail -f on every log file that I could find, access, error, nginx, php-fpm, auth (why not?) and watched and never saw Authorize.Net reaching my server. This usually makes me feel good because I can say something like “it’s you, not me” but not in this case.

Finally, I started to write an email to Authorize.Net explaining the situation, what I tried, what I debugged, and as I was explaining my local setup it finally dawned on me that the one weird thing about my dev site compared to live is that the dev site is configured with Mozilla’s modern profile, which means TLS 1.0 is not enabled. Sure enough, the moment I enabled TLS 1.0 in my Nginx config my relay responses started going through again.
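
The mismatch described above can be checked from a packet capture instead of by trial and error. The following is an added example, not code from the original post or from Authorize.Net: it reads the protocol versions out of a raw ClientHello record and compares them with an nginx ssl_protocols line. The sample ClientHello bytes, the two config lines and every function name are constructed for the illustration.

```python
import re
import struct

# TLS wire version -> token used by nginx's ssl_protocols directive
NGINX_NAME = {0x0300: "SSLv3", 0x0301: "TLSv1", 0x0302: "TLSv1.1",
              0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}

def offered_versions(record: bytes) -> set:
    """Protocol names offered by one raw ClientHello record."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS ClientHello record")
    legacy = struct.unpack_from("!H", record, 9)[0]       # client_version
    pos = 9 + 2 + 32                                      # skip version, random
    pos += 1 + record[pos]                                # session_id
    pos += 2 + struct.unpack_from("!H", record, pos)[0]   # cipher_suites
    pos += 1 + record[pos]                                # compression_methods
    found = set()
    if pos + 2 <= len(record):                            # extensions present
        end = pos + 2 + struct.unpack_from("!H", record, pos)[0]
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", record, pos)
            if ext_type == 43:                            # supported_versions
                found = {struct.unpack_from("!H", record, pos + 5 + i)[0]
                         for i in range(0, record[pos + 4], 2)}
            pos += 4 + ext_len
    if not found:
        # Older clients send only their maximum; assume (simplification)
        # that they would accept any version up to it.
        found = {v for v in NGINX_NAME if v <= legacy}
    return {NGINX_NAME[v] for v in found if v in NGINX_NAME}

def enabled_protocols(nginx_conf: str) -> set:
    """Tokens of the first ssl_protocols directive in a config snippet."""
    m = re.search(r"^\s*ssl_protocols\s+([^;]+);", nginx_conf, re.M)
    return set(m.group(1).split()) if m else set()

def can_negotiate(record: bytes, nginx_conf: str) -> bool:
    return bool(offered_versions(record) & enabled_protocols(nginx_conf))

def sample_hello(version: int) -> bytes:
    """Constructed minimal ClientHello (no extensions) capped at `version`."""
    body = (struct.pack("!H", version) + bytes(32) + b"\x00"
            + b"\x00\x02\x00\x2f" + b"\x01\x00")
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

STRICT = "ssl_protocols TLSv1.2;"                # constructed: no TLSv1
RELAXED = "ssl_protocols TLSv1 TLSv1.1 TLSv1.2;"  # constructed: TLSv1 enabled
```

A config with no ssl_protocols directive falls back to nginx's built-in default, which this sketch does not model. Because a rejected handshake never becomes an HTTP request, it leaves no access-log entry.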