
Question


Enforcing TLS 1.2

asked on August 11, 2015

Hi,

We recently enforced SSL between client and server by disabling port 80, modifying the listening port to 0, and other documented steps.

We were now asked by our security team to ensure that communication happens only using TLS 1.2 as SSL V3 is deprecated.

The post https://answers.laserfiche.com/questions/59666/What-version-of-SSL-does-LF-use describes how to implement this at a high level.

Is there any document that describes the exact changes that must be performed on Laserfiche Server (Application Server), Workflow Server, Import Agent, License Server, Thick Client and Quick Fields?

We use Windows Server 2008 R2 and 2012 for different repositories.

Also, like how LF products specifically disable SSL 2.0 currently, is there any upgrade available that disables SSL 3.0?

Best Regards,

Srikanth 

0 0

Answer

APPROVED ANSWER
replied on August 11, 2015

Please follow the instructions in https://technet.microsoft.com/en-us/library/security/3009008.aspx under the section "Disable SSL 3.0 in Windows for Server Software". Do this on all machines that have LF server software installed.

1 0

Replies

replied on August 11, 2015

If you're making SSL changes on an IIS server, I highly recommend you take a look at IIS Crypto: https://www.nartac.com/Products/IISCrypto

It's free, handles all the obscure registry changes, and makes changing protocols, cipher suites, cipher suite order, hashes, etc. much, much easier and more reliable than doing it manually.

Geoff

3 0
replied on August 12, 2015

Thank you both. I will try these and update you.

0 0
replied on August 14, 2015

Thank you Michael for the link. Thank you Geoff, IISCrypto is very useful in modifying registries. TLS 1.2 is available only in .NET Framework 4.5. Does LF SDK 9.0 support it if we use .NET Framework 4.5 and connect using TLS 1.2?

Best Regards,

Srikanth

0 0
replied on August 14, 2015

Laserfiche doesn't use .NET classes to implement SSL/TLS for HTTPS. All traffic over port 443 is secured using lower-level Windows components. This is true even for the .NET components in Laserfiche -- they bypass the SSL/TLS implementation in .NET. Therefore, installation or use of .NET 4.5 is not required to use TLS 1.2 with Laserfiche, even when using the .NET components of the LF SDK.

0 0
replied on August 19, 2015

Thank you Michael. We are testing various components after disabling SSLV3. Will update the result on this thread.

0 0
replied on August 21, 2015

Laserfiche Workflow, Import Agent and Client are working after disabling SSLV3 using IISCrypto. 

1 0
replied on April 1, 2018

Dear,

Can you please mention the steps required for disabling SSL V3 and enabling TLS on the LF Server side?

Thanks in advance.

0 0
replied on April 2, 2018

Did you follow the link that Michael posted above?  That's Microsoft's official documentation.

0 0
replied on April 2, 2018

Thank you. But this documentation is about disabling SSL V3 on the server side.

After disabling SSL V3, TLS needs to be enabled, which is not specified in that documentation.

Is there any document specifying how to enable TLS after SSL has been disabled?

Thanks in advance

0 0
replied on April 1, 2018

Dear,

Is there a step-by-step instruction available from Laserfiche to disable SSL V3 and enable TLS?

Regards

0 0
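
The registry change discussed in this thread (disabling SSL 3.0 and, as the 2018 replies ask, explicitly enabling TLS 1.2) can be audited and applied with the sketch below. It is an added example, not part of any post above, Microsoft's advisory, or Laserfiche documentation. It uses the standard SCHANNEL `Protocols` keys with their `Enabled` and `DisabledByDefault` DWORD values; the function names are hypothetical, and it assumes an elevated session and a reboot after any change. It writes both the Server and Client subkeys by default, which goes beyond the server-only section of the advisory.

```powershell
# Added example: audit and set SCHANNEL protocol state. Run elevated; reboot to apply changes.
$SchannelBase = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {   # hypothetical helper name
    param([string[]]$Protocol = @('SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'))
    foreach ($p in $Protocol) {
        foreach ($role in 'Server', 'Client') {
            $key = Join-Path (Join-Path $SchannelBase $p) $role
            # A missing key or value means Windows falls back to its built-in default.
            $enabled = 'not set (OS default)'
            $disabledByDefault = 'not set (OS default)'
            if (Test-Path $key) {
                $v = Get-ItemProperty -Path $key
                if ($null -ne $v.Enabled) { $enabled = $v.Enabled }
                if ($null -ne $v.DisabledByDefault) { $disabledByDefault = $v.DisabledByDefault }
            }
            New-Object PSObject -Property @{
                Protocol = $p; Role = $role
                Enabled = $enabled; DisabledByDefault = $disabledByDefault
            }
        }
    }
}

function Set-SchannelProtocol {        # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)][string]$Protocol,
        [Parameter(Mandatory = $true)][bool]$Enable,
        [string[]]$Role = @('Server', 'Client')
    )
    foreach ($r in $Role) {
        $key = Join-Path (Join-Path $SchannelBase $Protocol) $r
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # Enabled: 1 = on, 0 = off. DisabledByDefault is written as the inverse.
        New-ItemProperty -Path $key -Name 'Enabled' -PropertyType DWord -Value ([int]$Enable) -Force | Out-Null
        New-ItemProperty -Path $key -Name 'DisabledByDefault' -PropertyType DWord -Value ([int](-not $Enable)) -Force | Out-Null
    }
}

# Record the current state before changing anything.
Get-SchannelProtocolState | Format-Table Protocol, Role, Enabled, DisabledByDefault -AutoSize

# Uncomment to apply, then reboot and re-run the audit:
# Set-SchannelProtocol -Protocol 'SSL 3.0' -Enable $false
# Set-SchannelProtocol -Protocol 'TLS 1.2' -Enable $true
```

On Windows Server 2008 R2, TLS 1.2 is supported but off by default, so the explicit enable matters there; on Windows Server 2012 it is already on by default and the audit will typically show "not set (OS default)".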