Question

Laserfiche 11 - How do I force TLS connections between the desktop client and the repository?

asked on April 1

I know TLS is working in our environment because I can see the connections in the admin console and almost all of them are using TLS. What do I do about the ones that aren't?

I know all I have to do is make sure they check the 'Use TLS Connection' box when they attach a repository:

But seems like there should be a way to refuse the connection if they don't check the box. I just don't want to leave the option in the user's hands for obvious reasons. Is there some setting in the admin console or something server side that could force a TLS connection?

0 0

Replies

replied on April 2

"But seems like there should be a way to refuse the connection if they don't check the box."

A firewall rule on the Laserfiche Server machine blocking incoming traffic on TCP port 80 will accomplish this. Laserfiche clients by default connect to Laserfiche Server on port 80 when TLS is not checked, and on port 443 when it is.

Laserfiche Server does not have "HTTPS redirection" in the same way the browser-based web applications like Forms and Web Client do.

1 0
replied on April 2

I should also add that you can "deploy" repository registrations to Windows Client users with registry keys that include having TLS enabled. You can similarly "push out" enabling TLS to existing users.

The relevant key is called "UseSSL" with type REG_SZ and a value of "Yes". This key goes under registry path:

Computer\HKEY_CURRENT_USER\SOFTWARE\Laserfiche\Client8\Profile\[RepositoryName]Settings\

Where [RepositoryName] is the actual name of the repository. If the key hasn't been set, it will not appear.

1 0
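
The two replies above (blocking inbound TCP port 80 on the Laserfiche Server machine, and setting the "UseSSL" value for Windows Client users) can be scripted as follows. This is an added example, not part of the original thread and not Laserfiche's own tooling; the firewall rule name, the function names and the repository name "ExampleRepo" are assumptions, and the registry path is used exactly as it is written in the reply.

```powershell
#Requires -Version 5.1
# Added example. Function names, rule name and 'ExampleRepo' are hypothetical.

# --- Server side: run elevated on the Laserfiche Server machine ---
# This blocks ALL inbound TCP 80 on the host, including any other service
# that listens on port 80 on the same machine.
function Block-PlaintextRepositoryPort {
    $name = 'Block Laserfiche non-TLS (TCP 80)'   # hypothetical rule name
    if (-not (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -DisplayName $name -Direction Inbound -Protocol TCP `
            -LocalPort 80 -Action Block -Profile Any | Out-Null
    }
    # Return the rule so the caller can confirm it is enabled and set to Block
    Get-NetFirewallRule -DisplayName $name | Select-Object DisplayName, Enabled, Action
}

# --- Client side: run in the user's context (the value lives under HKCU) ---
function Get-RepositoryKeyPath([string]$RepositoryName) {
    # Path as written in the reply: ...\Profile\[RepositoryName]Settings\
    "HKCU:\SOFTWARE\Laserfiche\Client8\Profile\${RepositoryName}Settings"
}

function Set-RepositoryTls([string]$RepositoryName) {
    $path = Get-RepositoryKeyPath $RepositoryName
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    # "UseSSL", type REG_SZ, value "Yes", per the reply
    New-ItemProperty -Path $path -Name 'UseSSL' -PropertyType String `
        -Value 'Yes' -Force | Out-Null
}

function Test-RepositoryTls([string]$RepositoryName) {
    # Audit: report whether the value is present and set to "Yes"
    $path  = Get-RepositoryKeyPath $RepositoryName
    $value = (Get-ItemProperty -Path $path -Name 'UseSSL' -ErrorAction SilentlyContinue).UseSSL
    [pscustomobject]@{ Repository = $RepositoryName; UseSSL = $value; TlsEnabled = ($value -eq 'Yes') }
}

# Client usage with a constructed repository name:
$repo = 'ExampleRepo'
Set-RepositoryTls  $repo
Test-RepositoryTls $repo
```

The firewall rule is the control that actually refuses non-TLS connections; the HKCU value only presets the checkbox and stays writable by the user.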
replied on April 3

Would using the URL Rewrite module and redirecting all port 80 traffic to port 443 do the trick? I know it would for web browser traffic but I'm not sure if it works the same way for the desktop client.

EDIT: Or is that just how Forms and the Web Client are already doing it?

0 0
replied on April 3

I'm not 100% sure on this, but I don't believe it would work because while traffic to Laserfiche Server goes over TCP ports 80/443, it does not go through the IIS evaluation pipeline and thus could not invoke the URL Rewrite Module.

2 0
replied on April 3

Is this a Windows Communication Foundation thing?

0 0
replied on April 3

No, WCF is not used when communicating with the Laserfiche server.

2 0
replied on April 8

Is there any downside to blocking port 80 at the firewall? What does this Listening Port do and can it be set to something like 443 instead of port 80?

0 0