End of Support for older TLS versions

End of Support for older TLS versions

In order to keep your communication with ServiceDesk Plus (Cloud) more secure, we will be retiring the support for older TLS versions 1.0 and 1.1 by 31 August 2018, and you need to upgrade to TLS v1.2 to enjoy uninterrupted and secure transfer of data.

What is SSL/Early TLS?

Transport Layer Security (TLS), formerly Secure Sockets Layer (SSL), is the old security standard for setting up connections between systems. It requires encrypting information in transit to ensure privacy, and authenticating the systems involved to make sure information doesn’t end up in the wrong hands.

Why is the update necessary?


Older TLS versions don’t meet security standards anymore. They have some vulnerabilities without viable solutions, so they’re being replaced with a set of more secure protocols.
According to PCI standards, TLS v1.2 is the most advanced protocol yet, as it eliminates the vulnerabilities faced by the previous versions, i.e, TLS v1.0 and v1.1. Everyone who uses secure servers and browsers to access the data and API from ServiceDesk Plus (Cloud), are expected to make this update to protect their data security.

What is your part as an end user ?

 

Web User:
As an end user, if you are accessing our applications from any web browser, it must belong to one of the following specifications to support TLS 1.2
  • Internet Explorer version 11 or above ( For IE 9 & IE 10 settings should be changed to enable TLS1.2 )

  • Google Chrome version 30 or above

  • Mozilla Firefox 27 or above

 

You can also use this  link to test if your browser supports TLS v1.2. 

Mobile User:

If you access our applications through a mobile platform, it must belong to the following specifications:

  • Google Android version 4.1 or above

  • iOS 5.1 or above

  • Windows Phone 8.1 or above 


API User:
 

If you are using any of the following programming languages, they must be upgraded to communicate with our API :

  • Java 6u45

  • Java 7u25

  • OpenSSL 0.9.8y

  • .NET 4.5 and below

  • .NET 4.5 (settings should be changed to enable TLS 1.2)

 

Probe & Provisioning tools

To get your Probe and Provisioning tools to support TLS 1.2 you must perform the following actions:

Upgrade machines installed with Probe and Provisioning tools to .NET framework 4.5 (Operating systems such as Windows 8, Windows 2012, and their higher versions come with the latest framework.)

ServiceDesk Plus On-Demand provides automatic and manual installation of .NET framework 4.5 in your machines. The application will display a banner prompting you to initiate the automatic installation. For automatic installation, the installation status will be shown under "System Log" in ServiceDesk Plus OnDemand.

Probe list view will also display the .NET framework version available in individual machines.

You can also download the framework from https://www.microsoft.com/en-in/download/details.aspx?id=42642 and manually install it on Probe / Provisioning machines.

 

Please note that, the current Probe & Provisioning tools are built over .NET 2.0 and they will fail to work if TLS 1.1 is disabled in our grid. So please install .NET 4.5 and keep the Probe & Provisioning tool machines ready. We will be releasing an automatic update for Probe & Provisioning tools that are built over .NET 4.5.

You can also download the probe and provisioning tools built over .NET 4.5 from the following links. 

Probe

Provisioning Tool

If you have updated your Probe & Provisioning tools from the above links, you do not need to take any further action.

Please note If you are not using Probe or Provisioning tools, you can ignore the banner message shown for Probe / Provisioning tool


Regards,
Sriram KS