Question

Disabling RC4, 3DES and TLS 1.0 & 1.1

Administration Security Laserfiche

Updated December 1, 2021

asked on December 1, 2021

Hi All,

One of our customers is looking for confirmation from Laserfiche on if disabling RC4, 3DES and TLS less than 1.2 on the Laserfiche servers will have any impact on Laserfiche?

I'm assuming as long as TLS 1.2 is enabled as outlined here there shouldn't be any impact.

Please can LF confirm this is the case?

Thanks!

0 0

Answer

SELECTED ANSWER

replied on December 1, 2021

There were some issues with selecting the correct protocol in our shared libraries. For the .Net ones, setting the registry should take care of it, but for applications relying on COM, there's no fix. (for the record, .Net library is Laserfiche.RepositoryAccess, used in the web client, Workflow, etc, while the COM one is LFSO, used in the desktop client, Scanning and Snapshot). We currently have no plans to patch older versions.

I would very strongly recommend you upgrade to 10.4.3 or 11.

0 0

Replies

replied on December 1, 2021

Yes, assuming you're on Laserfiche 10.4.2 or higher. You'll also want to apply the patches listed in this thread.

Laserfiche 11 does not require the extra configuration mentioned in KB 1013919.

0 0

replied on December 1, 2021

Thanks for the swift response Miruna, the customer is using 10.3.1, what are the implications here?

0 0

SELECTED ANSWER

replied on December 1, 2021

I would very strongly recommend you upgrade to 10.4.3 or 11.

0 0

replied on December 1, 2021

Thanks Miruna.

0 0

You are not allowed to follow up in this post.

Question

Question

Disabling RC4, 3DES and TLS 1.0 & 1.1

Answer

Replies

Sign in to reply to this post.