Service aide Serviceaide is retiring Transport Layer Security (TLS) 1.0 and TLS 1.1 and continuing support TLS 1.2 for Intelligent Service Management (ISM) and Luma.
Why this change?
TLS 1.0 and TLS 1.1 are out-of-date protocols that do not support modern cryptographic algorithms, and they contain security vulnerabilities that may be exploited by attackers
What does this Mean?
Serviceaide has announced that TLS 1.0 and TLS 1.1 are out-of-date protocols that do not support modern cryptographic algorithms, and they contain security vulnerabilities that may be exploited by attackers. Support for TLS 1.0 and 1.1 will be deprecated soon will continue to support TLS 1.2 protocols.
How does this impact me?
When and on which environments this change will occur?
This change will happen along with ISM August Maintenance release i.e on 22-Aug-2020. TLS protocols TLS 1.0 & 1.1 versions will be disabled from all our customer-facing environments viz. CSM3, CSM2 production, staging, and trial environments.
What is the impact on customers?
This impacts our customers who have integrated 3rd party applications to ISM/Luma using TLS 1.0 or TLS 1.1 protocols using SOAP Webservices. They will have to upgrade their clients via which they are connecting to ISM/Luma. They need to ensure they do their testing in the staging environment.
Accessing ISM/Luma application using Browser
API Integration Outbound and Inbound
ADSync Utility
Asset Discovery Configuration
Accessing ISM/Luma application using Browser
Google, Microsoft, Apple, and Mozilla have also announced that their browsers will no longer support TLS 1.0 and TLS 1.1 as of March 2020. So, below browsers will not work with ISM application after the deprecation:
Firefox 27
Chrome 30
IE 11 on Windows 7
Edge
Opera 17
Safari 9
...
Action Required
Upgrade your browser to the latest versions to continue using ISM/Luma application. Below is the information on compatible browsers with the application:
ISM: https://serviceaide.atlassian.net/wiki/spaces/CloudSMGoldfish/pages/2965397/Compatibility+Matrix
Luma: https://serviceaide.atlassian.net/wiki/spaces/LUMA/pages/756646032/Compatibility+Matrix
API Integration Outbound and Inbound
API (inbound) Integrations
If you have any API Integrations, please ensure that TLS 1.2 encryption protocols are enabled connecting from third party systems to ISM/Luma which will be supporting only TLS v1.2 protocol, please ensure the appropriate Java versions are used in those integrations.
Action Required for API (Inbound) Integrations
Your integrations that use inbound connections to Serviceaide ISM / Luma, please ensure that TLS 1.2 encryption protocols are enabled in those integrations. Otherwise, the integrations may experience disruption after the upgrade is done at ISM/Luma. We recommend that you begin planning to upgrade to TLS 1supported Java version which supports TLSv1.2 as soon as possible.
If you have any API Integrations, please refer to the compatibility guidelines below:
...
Property | Description |
jdk.tls.client.protocols | Controls the underlying platform TLS implementation. Additional information is available in the JSSE Reference Guide. Example: -Djdk.tls.client.protocols=TLSv1.1,TLSv1.2 Available in all JDK 8 releases, or after Java 7 update 95 (January 2016) and Java 6 update 121 (July 2016). |
https.protocols | Controls the protocol version used by Java clients which obtain https connections through use of the HttpsURLConnection class or via URL.openStream() operations. For older versions, this can update the default in case your Java 7 client wants to use TLS 1.2 as its default. Example: -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 |
API (Outbound) Integrations
If you have any Outbound Integration configured in ISM/Luma, which means connecting from ISM/Luma to any third-party system using Web services, validate if the endpoint web service only supports TLS v1.2 protocol. We have made support for outgoing web services to call all TLS protocols (TLSv1.0, TLSv1.1, and TLSv1.2).
Action Required for API (outbound) Integrations
Your integrations that use outbound connections should be validated.
AD Sync Utility
If you have configured AD Sync to sync the contacts from AD/LDAP Systems to ISM/Luma, ensure that the java JRE used is Java 1.8 and above. Otherwise, JRE 1.7 requires Java 7 update 95 (January 2016) or Java 6 update 121 (July 2016).
Action Required for ADSync Utility
For integrations that use ADSync utility validate and verify in Staging that the functionality works.
Asset Discovery Integration
If you have Asset Integration, download the new package that supports TLSv1.2 and update all the Asset connector environments before the production rollout to ensure the connectivity.
Action Required for Asset Integration
For integrations that use Asset Discovery, download the latest package, upgrade the Asset Discovery Manager, and test the functionality in staging.