Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-10288: Deprecation of TLS 1.0

Centrify Identity Service, App Edition ,  

10 May,18 at 03:18 PM

Question:  

What is the impact of Centrify deprecating TLS 1.0 support?



Solution:  

The below information contains the details of the impact for deprecating TLS 1.0. 



General

In order to support our mission to protect customers, provide a secure service, and to align with minimum PCI DSS standards, Centrify will be updating the minimum TLS protocol required to connect to the Centrify Cloud Platform to TLS 1.1 as of 18.5 (tentatively scheduled for May 19, 2018). The previous minimum was TLS 1.0.  The PCI DSS standards are available here.
 


Impact on Connectors

Connectors running on machines with Windows Server 2008 R2 or older must have support for newer TLS protocols enabled.  If the connector version is at least 18.5, no direct action is necessary as TLS 1.1 and 1.2 support are enabled automatically.  For older connector versions, you must manually enable support, please refer to here then restart the connector service.

A connector running without support for newer TLS protocols will go offline when TLS 1.0 support is removed in 18.6.
 


Impact on Users

All web browsers used to access the service must support newer TLS protocols, to verify your browsers compatibility use it to browse to https://www.ssllabs.com/ssltest/viewMyClient.html and verify that the “Protocol Features” section lists TLS 1.1 or higher as “Yes”.

Customers will need to ensure that their browsers support current protocol standards, specifically TLS 1.1 and 1.2.  As a courtesy, the below links are provided for detecting browser TLS compatibility:

i.   https://www.ssllabs.com/ssltest/viewMyClient.html ( TLS 1.1 and 1.2 should equal to ‘Yes’)
ii.  https://www.howsmyssl.com (Version should be at least TLS 1.1 and BEAST Vulnerability section should state “GOOD”)
iii. https://caniuse.com/#feat=tls1-2 ( Browser versions that support TLS 1.2)



Impact on the Centrify Browser Extension

For Internet Explorer, customers would need to upgrade the Centrify Browser Extension to version 18.5 prior to  the deprecation TLS 1.0 support in 18.6. TLS 1.1 and 1.2 are not supported by older .NET versions, therefore we’ve added a dependency on .NET 4.6.2 to the Internet Explorer CBE for 18.5. 

Customers will need to upgrade to .NET 4.6.2 for the dependency as part of installing 18.5 CBE for Internet Explorer. The .NET Framework 4.6.2 supports TLS 1.1 and TLS 1.2. To update to .NET Framework 4.6.2, go here.



Impact on Integrations and API Users

C# and PowerShell scripts which integrate using the Cloud Service API’s on certain versions of the .NET runtime will need to explicitly enable newer TLS protocols:

C# : System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
PowerShell: [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12




 

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.