As Microsoft stopped supporting TLS 1.0/1.1, we are not able to send emails using IFS email functionality and getting below error message in “Application Messages” screen.
How can we enable TLS 1.2 in IFS to avoid this error?
This topic has been closed for comments
Userlevel 5
+11
Hi
Is the Cipher suite updated to use TLS1.2 in the middleware server?
Kind regards,
Dinushi
Userlevel 7
+31
Hi
To enable TLSv1.2 and disable TLSv1.1, you just need to run the installer in reconfiguration mode and update the protocols to omit TLSv1.1 which is now considered obsolete.
In installer wizard’s SSL Configuration page, you can specify it in 2 ways.
- Just specify
+TLSv1.2in “Protocols” field. - Specify
ALL -TLSv1.1in “Protocols” field.
Both of these mean the same thing and will disable TLSv1.1, so the application will default to TLSv1.2. Latest TLS version now is TLSv1.3 and IFSAPP9 does not support that yet, to my knowledge. Therefore make sure not to use it. TLSv1.2 still satisfies the security requirements for enterprise applications.
When you disable TLSv1.1, you would also need the following patch:
157136 - IFS EE Runtime Framework Binary Patch 9.0.60.0.
This patch is included in UPD18. Without this, patch, IEE client would fail to download a certain file that is required to identify the application server access point URL(server.xml file). And because of that, the users would have to manually enter the URL in the “Connect to” field and select the language in the login dialog, every time. Therefore, make sure to request this patch as well.
Hope this helps!
Hi
Your answer did not helped at all. The question is about sending emails from IFS_CONNECT (thus using TLSv1.2 as client of email service) and you answered about setting up IFS MWS to use HTTPS when connecting from IEE to MWS.
I have the same problem with customer as per original question and out of despair I tried to setup SSL certificate and reconfigure the instance to use SSL with TLSv1.2. As expected it didn’t help with IFS_CONNECT and the mails are still not being sent.
Do you have any clarification, how setting up SSL certificate in IFS MWS could help IFS_CONNECT to use TLSv1.2?
Thanks.
Miro
Userlevel 5
+11
Hi
Microsoft’s suggestion is to enable TLS 1.2 or enable Legacy TLS using steps mentioned in below url:
Additionally, you can change as bellow in registry editor for TLS 1.2:
Registry location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client
DWORD Name: DisabledByDefault
DWORD value: 0
Also an additional point:
The Middleware server will not support TLS 1.2 as long as the Cipher suite is not updated to use TLS 1.2. Therefore please check the configuration.xml file of your environment (ifshome -> instance ->instance_name -> configuration.xml) and make sure you have updated the Cipher suite, or reconfigure with the updated cypher suite.
Kind regards,
Dinushi
Enter your username or e-mail address. We'll send you an e-mail with instructions to reset your password.