What is the impact of Centrify deprecating TLS 1.0 support?Solution:
The below information contains the details of the impact for deprecating TLS 1.0. General
In order to support our mission to protect customers, provide a secure service, and to align with minimum PCI DSS standards, Centrify will be updating the minimum TLS protocol required to connect to the Centrify Cloud Platform to TLS 1.1 as of 18.5 (tentatively scheduled for May 19, 2018).
The previous minimum was TLS 1.0. The PCI DSS standards are available here
. Impact on Connectors
Connectors running on machines with Windows Server 2008 R2 or older must have support for newer TLS protocols enabled. If the connector version is at least 18.5, no direct action is necessary as TLS 1.1 and 1.2 support are enabled automatically. For older connector versions, you must manually enable support, please refer to here
then restart the connector service.
A connector running without support for newer TLS protocols will go offline when TLS 1.0 support is removed in 18.6. Impact on Users
All web browsers used to access the service must support newer TLS protocols, to verify your browsers compatibility use it to browse to https://www.ssllabs.com/ssltest/viewMyClient.html
and verify that the “Protocol Features” section lists TLS 1.1 or higher as “Yes”.
Customers will need to ensure that their browsers support current protocol standards, specifically TLS 1.1 and 1.2. As a courtesy, the below links are provided for detecting browser TLS compatibility:i. https://www.ssllabs.com/ssltest/viewMyClient.html
( TLS 1.1 and 1.2 should equal to ‘Yes’)ii. https://www.howsmyssl.com
(Version should be at least TLS 1.1 and BEAST Vulnerability section should state “GOOD”)iii. https://caniuse.com/#feat=tls1-2
( Browser versions that support TLS 1.2)Impact on the Centrify Browser Extension
For Internet Explorer, customers would need to upgrade the Centrify Browser Extension to version 18.5 prior to the deprecation TLS 1.0 support in 18.6. TLS 1.1 and 1.2 are not supported by older .NET versions, therefore we’ve added a dependency on .NET 4.6.2 to the Internet Explorer CBE for 18.5.
Customers will need to upgrade to .NET 4.6.2 for the dependency as part of installing 18.5 CBE for Internet Explorer. The .NET Framework 4.6.2 supports TLS 1.1 and TLS 1.2. To update to .NET Framework 4.6.2, go here
.Impact on Integrations and API Users
C# and PowerShell scripts which integrate using the Cloud Service API’s on certain versions of the .NET runtime will need to explicitly enable newer TLS protocols:C# : System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;PowerShell: [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12