The Swish server requires TLS 1.1 or higher.
The merchant must be able to receive the callback HTTPS POST request from the Swish server over TLS. The callback endpoint has to use HTTPS on port 443, and it is highly recommended to use IP filtering as well. For the callback, Swish acts as the client and the merchant server acts as the server. Swish will validate the merchant callback server's TLS certificate against a list of commonly recognized CAs.
For now, the Swish API does not support Server Name Indication (SNI) for the callback functionality.
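A client that sends no SNI receives whichever certificate the server presents by default, so on a host serving several sites the callback endpoint should be probed the same way. The Python below is an added example, not part of the Swish documentation: the hostnames and sample certificates are constructed placeholders, and the local system CA store is assumed to stand in for Swish's list of recognized CAs.

```python
import socket
import ssl


def fetch_cert_without_sni(host, port=443, timeout=10.0):
    """Handshake without SNI and return the chain-validated leaf certificate."""
    ctx = ssl.create_default_context()  # system CA store (assumption, see lead-in)
    ctx.check_hostname = False          # required when server_hostname is None
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # server_hostname=None: the ClientHello carries no SNI extension.
        with ctx.wrap_socket(raw, server_hostname=None) as tls:
            return tls.getpeercert()


def cert_covers(cert, hostname):
    """True if a DNS subjectAltName entry in cert matches hostname."""
    host = hostname.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        name = value.lower()
        if name == host:
            return True
        # A wildcard stands for exactly one leftmost label.
        if name.startswith("*.") and name[2:] and host.partition(".")[2] == name[2:]:
            return True
    return False


def check_callback_endpoint(host, fetch=fetch_cert_without_sni):
    """Return (ok, reason) for a callback host probed without SNI."""
    try:
        cert = fetch(host)
    except OSError as exc:  # covers ssl.SSLError and plain connection errors
        return False, f"connection or certificate validation failed: {exc}"
    if not cert_covers(cert, host):
        return False, f"default certificate does not cover {host}"
    return True, f"certificate served without SNI covers {host}"


# Constructed samples: a shared server's default vhost versus a dedicated one.
SAMPLE_DEFAULT_CERT = {"subjectAltName": (("DNS", "www.other-site.example"),)}
SAMPLE_CALLBACK_CERT = {"subjectAltName": (("DNS", "*.merchant.example"),)}

if __name__ == "__main__":
    import sys
    print(check_callback_endpoint(sys.argv[1]))
```

Run it with the callback hostname as the only argument; a failure here means the certificate needs to be moved to the server's default TLS site or the endpoint given a dedicated IP address.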