Question

Disabling TLS 1.0, 1.1 SSL2, SSL3 in APPS9 - TAS connection errors

  • 19 April 2021
  • 6 replies
  • 109 views

Userlevel 3
Badge +6

On our Middleware I removed TLS1.1 from the protocol, leaving TLS 1.2 set. When we disabled SSL2, SSL3, TLS 1.0 and TLS1.1 I get errors on our on-premise mobile user connections.

 

Are there additional TAS settings that may be needed to remove old protocols?

 

I appreciate your assistance.

 

Thank you

Marjie


6 replies

Userlevel 6
Badge +9

Hi,

Did you also change the SSL certificate?


You may want to check the SSL settings and bindings in IIS for IFS Touch Apps Server.


Regards,​​​​​​​

Nadeesh

Userlevel 3
Badge +6

Nadeesh;

I was informed the SSL supports TLS1.2 and there are no changes required.

When you speak of IIS bindings - may I ask what you are referring to?

What should I be checking please ?

 

Than kyou,

Marjie

 

 

Userlevel 3
Badge +7

Hi,

Please check the “enabled” SSL/TLS protocols in your Touch Apps Server as well. 
Since you have only allowed, TLS-1.2 in MWS, TAS should also be allowed to communicate with the same protocol.

To check the enabled SSL/TLS protocols in your TAS server, please run a diagnostic by installing the following “IIS Crypto” tool in Touch Apps Server (machine). 

https://www.nartac.com/Products/IISCrypto/

After running the scan, you can modify the SSL/TLS configuration as needed from this tool as well.


Best regards,
Pubudu

Userlevel 3
Badge +6

When we remove SSL2.0 on our dev TAS, the Mobile app stops working, and errors it cannot connect to the TAS even after an IIS reset. Does something need done in the TAS configuration? Any changes required on the ifscloudadmin sql db? The MWS has TLS1.1 & 1.2  established.

The SSL is a wildcard cert supporting TLS1.1 & 1.2, along with SSL2.0 and 3.0

Any suggestions?

btw - than kyou for the feedback on the IIS Crypto app is a very nice tool.

On the dev TAS we have SSL2.0 & TLS1.2 enabled

On the Prod TAS we have SSL2.0, SSL3.0,TLS1.1, TLS1.2 are enabled

Userlevel 3
Badge +7

Hi @CUCSOLUTIONS 

Some IFS mobile apps might be using specific SSL protocols when making connections with MWS via TAS server. May I know which IFS application version this is? Also, what are the mobile apps that seem to be not working when SSL-3 and SSL-2 are disabled?

/Pubudu

Userlevel 3
Badge +6

Pubudu - Its been a very busy couple of weeks trying to get UD17 applied … so I am back to review this again. Here are the details.

APPS9 UD14

TAS info TouchApp Server 1.14.1.74 with configured mWorkOrder 3.9.2 and

here is the info from the Mobile app  3.7 Client 

 

If I disable SSL from the windows registry on the TAS I get an error cannot connect to IFSCloud.

With UD14 our cipher changed from SSL to TLS, so I know the MWS isnt supporting SSL anymore.

Our SSL cert supports the newer protocols as well.

 

We use on Premise TouchApp server along with a sql server to administer the IFScloudAdmin

We have disabled SSL on the sql server with no impact to the mobile capability.

 

 

Any insight is truly appreciated.

Thank you

Reply