PCI Mandate

The Payment Card Industry (“PCI”) counsel, as well as Visa and MasterCard, have issued a mandate that all merchants and service providers configure their systems in a manner to ensure secure connections between relevant systems.

In support of this PCI mandate, Sabre will disable the ability to connect to the Sabre APIs using encryption protocol SSLv3.0, and all versions of Transport Layer Security (TLS) prior to version 1.2. In addition, Sabre will no longer support communication with Ciphers using keys with less than 128 bits as of the PCI TLS security mandate date, currently scheduled for June 30, 2018.

As part of this initiative Sabre will discontinue access to legacy URLs used to connect to the Sabre APIs in TSTS, CERT and PROD environments. Starting on June 30, 2018, Sabre will only support TLS v1.2 (and higher) encryption methods via the latest endpoints posted in our environments page.

Please see the full details of affected URLs/IPs and latest dates in our API Versioning page.

These changes apply to all Customers using HTTPS connections to any of the Sabre API URLs. The table below identifies the recommended Encryption protocols and Ciphers that should be utilized.  Once the changes are implemented, any communication that cannot negotiate to TLS v1.2 or is using an unsupported Cipher will be rejected.  Customers should work with their IT organizations to determine what actions are required to comply with this industry mandate, including applications and systems beyond those connecting to Sabre.  


Supported Encryption Protocols

TLSv1.2 and higher


Supported Cypher

Strong ciphers with key lengths >= 128 bits must be used

Unsupported Encryption Protocols

Secure Sockets Layer (SSL) versions 1.0, 2.0,and 3.0

Transport Layer Security (TLS) versions 1.0 and 1.1

Unsupported Cypher


SSL to TLS Migration

Migration Guide
PCI Mandate FAQ

Industry mandate references

PCI Council
United States Computer Emergency Readiness Team

Docs Navigation