TLS Protocol Support
If you deal with sensitive data, a top priority for you is conforming to the PCI DSS-compliance standards to safeguard your customers and protect your brand is a top priority. 30 June, 2018 was the deadline to disable SSL/early TLS and implement a more secure encryption protocol – TLS 1.1 or higher (TLS v1.2 is strongly encouraged) in order to meet the PCI Data Security Standard (PCI DSS). It is possible for a customer to use the Genesys suite of products in a manner that complies with the security-related business standards such as PCI DSS. However, Genesys products are only tools for the customer to use and the products do not ensure or enforce compliance with these standards. It is solely the customer's responsibility to ensure that the use of the Genesys suite of products complies with these business standards. Genesys recommends that the customer take steps for ensuring compliance with these business standards and other applicable local security requirements as well. PCI compliance requires several other measures by enterprises. This page provides general information relevant to Genesys products' support for TLS 1.2.Configuration Server
| Product | Product Connections | TLS 1.2 Support Release # | Compatible with SHA2 certificates | Conditions | |||
| Management Framework | Configuration Server | 8.5.100.22 | Yes | Yes | |||
| Message Server | 8.5.100.13 | Yes | |||||
| SCS | 8.5.100.17 | Yes | |||||
| LCA | 8.5.100.20 | Yes | |||||
| CS Proxy | 8.5.100.22 | Yes | |||||
| DB Server | 8.1.300.06 | Yes | |||||
|
|
8.5.300.01 |
| |||||
| Configuration Server | 8.5.100.22 |
| |||||
| Message Server | 8.5.100.13 |
| |||||
| Chat Server | 8.5.107.11 |
| |||||
| Interaction Server | 8.5.109.01 |
| |||||
| Email Server | 8.5.104.06 |
| |||||
| Local Control Agent | 8.5.100.20 |
| |||||
| Social Media Server | 8.5.400.03 |
| |||||
|
|
8.5.104.06 |
| |||||
| Configuration Server | 8.5.100.22 |
| |||||
| Message Server | 8.5.100.13 |
| |||||
| Interaction Server | 8.5.109.01 |
| |||||
| Universal Contact Server | 8.5.100.19 |
| |||||
| . | 8.5.400.03 |
| |||||
| Configuration Server | 8.5.100.22 |
| |||||
| Message Server | 8.5.100.13 |
| |||||
| Universal Contact Server | 8.5.100.19 |
| |||||
| Interaction Server | 8.5.109.01 |
| |||||
|
|
8.5.100.04 |
| |||||
| UCS | 8.5.100.19 |
| |||||
| Configuration Server | 8.5.100.22 |
| |||||
| Message Server | 8.5.100.13 |
| |||||
|
|
8.1.010.30 |
| |||||
| Configuration Server | 8.5.100.22 |
| |||||
| Message Server | 8.5.100.13 |
| |||||
|
|
8.1.508.02 |
| |||||
| Message Server | 8.5.100.13 |
| |||||
| Configuration Server | 8.5.100.22 |
| |||||
| SIP Server | 8.1.102.58 |
| |||||
| Avaya T-Server | 8.1.010.30 |
| |||||
| Interaction Server | 8.5.109.01 |
| |||||
| DB Server | 8.1.300.06 |
| |||||
| Stat Server | 8.5.102.00 |
| |||||
| Orchestration Server |
|
8.1.400.58 |
| ||||
|
|
Message Server | 8.5.100.13 |
| ||||
|
|
Configuration Server | 8.5.100.22 |
| ||||
|
|
Universal Routing Server | 8.1.400.22 |
| ||||
|
|
Stat Server | 8.5.107.00 |
| ||||
|
|
SIP Server | 8.1.102.58 |
| ||||
|
|
Interaction Server | 8.5.109.01 |
| ||||
| Interaction Concentrator |
|
8.1.514.03 |
| ||||
|
|
Configuration Server | 8.5.100.22 |
| ||||
|
|
Message Server | 8.5.100.13 |
| ||||
|
|
DB Server | 8.1.301.03 |
| ||||
|
|
SIP Server | 8.1.102.58 |
| ||||
|
|
Outbound Contact Server | 8.1.508.00 |
| ||||
|
|
Interaction Server | 8.5.109.01 |
| ||||
| Classification Server |
|
8.5.300.01 |
| ||||
|
|
Configuration Server | 8.5.100.22 |
| ||||
|
|
Configuration Server Proxy | 8.5.100.22 |
|
| |||
|
|
Message Server | 8.5.100.13 |
| ||||
|
|
Universal Contact Server | 8.5.100.19 |
| ||||
|
|
Local Control Agent | 8.5.100.20 |
| ||||
| Interaction Server |
|
8.5.110.01 |
|
Interaction Server was verified on: Linux 64 and Windows 2008R | |||
|
|
Client to: |
| |||||
|
|
Configuration Server | 8.5.100.22 |
| ||||
|
|
Configuration Server Proxy | 8.5.100.22 |
| ||||
|
|
Message Server | 8.5.100.13 |
| ||||
|
|
Local Control Agent | 8.5.100.20 |
| ||||
|
|
Universal Contact Server | 8.5.100.19 |
| ||||
|
|
DB Server | 8.1.301.03 |
| ||||
|
|
Chat Server | 8.5.107.11 |
| ||||
|
|
Social Media Server | 8.5.400.03 |
| ||||
|
|
Classification Server | 8.5.300.01 |
| ||||
|
|
Email Server | 8.5.104.06 |
| ||||
|
|
Server to: |
| |||||
|
|
Interaction Proxy | 8.5.110.01 |
| ||||
|
|
Orchestration Server | 8.1.400.58 |
| ||||
|
|
Interaction Concentrator | 8.1.514.03 |
| ||||
|
|
Universal Routing Server | 8.1.400.22 |
| ||||
|
|
Outbound Contact Server | 8.1.508.00 |
| ||||
|
|
Stat Server | 8.5.107.03 |
| ||||
|
|
Email Server | 8.5.104.06 |
| ||||
|
|
Social Media Server | 8.5.400.03 |
| ||||
|
|
Chat Server | 8.5.107.11 |
| ||||
| Chat Server |
|
8.5.109.05 |
|
|
| ||
|
|
Configuration Server | 8.5.100.22 |
| ||||
|
|
Message Server | 8.5.100.13 |
| ||||
|
|
Interaction Server | 8.5.110.01 |
| ||||
|
|
Universal Contact Server | 8.5.200.19 |
| ||||
|
|
Cassandra | 2.28 |
| ||||
| Digital Messaging Server with WeChat driver |
|
9.000.03 | Digital Messaging Server supports only one port "default" with Listening Mode = secured
| ||||
|
|
Client to: |
| |||||
|
|
Configuration Server | 8.5.100.22 |
| ||||
|
|
Solution Control Server | 8.5.100.17 |
| ||||
|
|
Message Server | 8.5.100.13 |
| ||||
|
|
Universal Contact Server | 8.5.200.19 |
| ||||
|
|
Interaction Server | 8.5.110.01 |
| ||||
|
|
Chat Server | 8.5.109.05 |
| ||||
|
|
Server to: |
| |||||
|
|
Interaction Server | 8.5.110.01 |
| ||||
| Interaction Server Proxy |
|
8.5.110.01 |
| ||||
|
|
Configuration Server | 8.5.100.22 |
| ||||
|
|
Message Server | 8.5.100.13 |
| ||||
|
|
Interaction Server | 8.5.110.01 |
| ||||
| Web Services and Applications |
|
8.5.201.85 | * Simple TLS ONLY.
GWS CA Trusted certificate must be configured in application.yaml file only: (GWS do not read configuration from CME)serverSettings: caCertificate: /usr/local/genesys/cacert/ca_cert.pem
onPremiseSettings: <br>cmeHost: fmk<br>cmePort: 2021<br>tlsEnabled: true | ||||
|
|
Configuration Server | 8.5.101.08 | |||||
|
|
Interaction Server | 8.5.107.11 | |||||
|
|
Universal Contact Server | 8.5.200.10 | |||||
|
|
Chat Server | 8.5.109.06 | |||||
|
|
SIP Server | 8.1.102.58 | |||||
| Genesys Mobile Engagement |
|
8.5.107.19 |
|
|
| ||
|
|
Configuration Server | 8.5.100.22 |
| ||||
|
|
Message Server | 8.5.100.13 |
| ||||
|
|
Statistics Server | 8.5.102.22 |
| ||||
|
|
Cassandra | 2.28 |
| ||||
|
|
Chat Server | 8.5.105.05 | Chat v2: TLS between GSG/GMS and Chat Server in trust server mode (do not check the certificate). Chat v1: for TLS management, add the following option in chat section: chat_ssl_trust_all=true
| ||||
|
|
Universal Contact Server | 8.5.200.10 | TLS between GSG/GMS and Universal Contact Server in trust server mode (do not check the certificate).
| ||||
|
|
Email Server | 8.5.104.06 | You can set up an HTTPS connection (even in the GMS Connection tab). Note: GMS uses HTTPClientFactory, and a TLS option can be set (section gms, option http.ssl_trust_all, value=false, true).
| ||||
|
|
Orchestration Server | 8.1.400.53 | You can set up an HTTPS connection (even in the GMS Connection tab). Note: GMS uses HTTPClientFactory, and a TLS option can be set (section gms, option http.ssl_trust_all, value=false, true). | ||||
|
|
Web API Server |
|
You can set up an HTTPS connection. Not configured at startup (that is, not in the GMS Connection tab). Note: GMS uses HTTPClientFactory, and a TLS option can be set (section gms, option http.ssl_trust_all, value=false, true). | ||||
|
|
Solution Control Server | 8.5.100.17 |
| ||||
|
|
Universal Routing Server | 8.1.400.22 | You can set up an HTTPS connection. Not configured at startup (that is, not in the GMS Connection tab). Note: GMS uses HTTPClientFactory, and a TLS option can be set (section gms, option http.ssl_trust_all, value=false, true).
| ||||
| Co-browse |
|
8.5.000 |
| ||||
|
|
Configuration Server | 8.5.100.22 |
| ||||
|
|
Message Server | 8.5.100.13 |
| ||||
|
|
External Cassandra | 8.5.100 |
| ||||
| Workforce Management |
|
|
|
| |||
|
|
WFM Server | 8.5.207.09 |
| ||||
|
|
WFM Builder | 8.5.207.05 |
| ||||
|
|
WFM Demon | 8.5.207.01 |
| ||||
|
|
WFM Web | 8.1.301.02 |
| ||||
|
|
WFM Aggregator | 8.5.203.00 |
| ||||
|
|
WFM DB Server | 8.1.301.02 |
|
| |||
| GVP Resource Manager |
|
8.5.175.95 |
|
|
| ||
|
|
SIP Server | 8.1.102.58 |
| ||||
|
|
Media Control Platform | 8.5.176.05 |
| ||||
|
|
CTI Connector | 9.0.010.07 |
| ||||
|
|
Reporting Server | 8.5.181.77 |
|
| |||
|
|
RM Internode | Not Applicable |
| ||||
|
|
Configuration Server | 8.5.100.22 |
| ||||
|
|
Local Control Agent | Not Applicable | Not Applicable | Not Applicable |
| ||
|
|
Message Server | 8.5.100.13 |
|
| |||
| GVP Supplementary Services Gateway |
|
Not Applicable |
|
|
| ||
|
|
SIP Server | Not Applicable |
|
|
| ||
|
|
HTTPS (Client) | Not Applicable |
|
|
| ||
|
|
Configuration Server | Not Applicable |
|
|
| ||
|
|
Message Server | Not Applicable |
|
|
| ||
|
|
Local Control Agent | Not Applicable | Not Applicable | Not Applicable |
| ||
| Voice Platform Media Control Platform |
|
8.5.176.05 |
|
|
| ||
|
|
Resource Manager | 8.5.175.95 |
| ||||
|
|
Reporting Server | 8.5.181.77 |
|
| |||
|
|
Configuration Server | 8.5.100.22 |
| ||||
|
|
Local Control Agent | Not Applicable | Not Applicable | Not Applicable |
| ||
|
|
Message Server | 8.5.100.13 |
|
| |||
|
|
HTTPS (Client) | 8.5.176.05 |
| ||||
|
|
ASR/TTS (MRCP v2 Nuance) | 8.5.176.05 |
| ||||
|
|
ASR/TTS(MRCP v1 Nuance/MRCPP) | Not Applicable | Not Applicable | Not Applicable |
| ||
| GVP MRCP Proxy |
|
8.5.184.42 |
|
|
| ||
|
|
Reporting Server | 8.5.181.77 |
|
| |||
|
|
Configuration Server | 8.5.100.22 |
| ||||
|
|
Local Control Agent | Not Applicable | Not Applicable | Not Applicable |
| ||
|
|
Message Server | 8.5.100.13 |
|
| |||
|
|
MRCP ASR/TTS | Not Applicable |
| ||||
|
|
MRCP Client | Not Applicable |
| ||||
| GVP CCP |
|
Not Applicable |
| ||||
|
|
Resource Manager | Not Applicable |
| ||||
|
|
Configuration Server | Not Applicable |
| ||||
|
|
Local Control Agent | Not Applicable | Not Applicable | Not Applicable |
| ||
|
|
Message Server | Not Applicable |
| ||||
|
|
HTTPS(client) | Not Applicable |
| ||||
| GVP UCMConnector
(T-Server-CUCM to Media Server Connector) |
|
8.5.184.06 |
|
|
| ||
|
|
Resource Manager | 8.5.175.95 |
|
| |||
|
|
T-Server | Not Applicable |
| ||||
|
|
Configuration Server | 8.5.100.22 |
| ||||
|
|
Message Server | 8.5.100.13 |
|
|
| ||
|
|
Local Control Agent | Not Applicable | Not Applicable | Not Applicable |
| ||
| GVP Policy Server |
|
|
| ||||
|
|
Configuration Server |
|
| ||||
|
|
HTTPS |
|
| ||||
|
|
Genesys Administrator UI |
|
| ||||
|
|
Message Server |
|
| ||||
|
|
Local Control Agent | Not Applicable | Not Applicable | Not Applicable |
| ||
| GVP CTIConnector |
|
|
|
|
| ||
|
|
IVR Server | 9.0.010.07 |
| ||||
|
|
Cisco UCM | Not Applicable |
|
| |||
|
|
Configuration Server | 9.0.010.07 |
| ||||
|
|
Resource Manager | 9.0.010.07 |
| ||||
|
|
Message Server | 9.0.010.07 |
| ||||
| GVP Reporting Server |
|
|
|
|
| ||
|
|
Configuration Server | 9.0.010.62 |
|
|
| ||
|
|
Database | 9.0.010.62
|
|
|
Oracle database - Oracle 12c RAC -Mutual TLS
SQL Server 2012 - Simple TLS | ||
|
|
HTTPS | 9.0.010.62 |
|
|
Java level TLS protocol option support
| ||
|
|
RC (Active MQ) | 9.0.010.62 |
|
|
| ||
|
|
Message Server | 9.0.010.62 |
|
|
Java level TLS protocol option support | ||
| WD Manager
9.0.004.07 |
Configuration Server | 8.1.300.24 | |||||
| MS | 8.5.100.03 |
|
|
||||
| iWD HistoryNode | 9.0.004.07 |
|
|
||||
| IS | 8.5.105.04 |
|
|
||||
| UCS | 8.5.300.09 |
|
|
||||
| iWD HistoryNode
9.0.004.07
|
Configuration Server | 8.1.300.24 |
|
|
|||
| MS | 8.5.100.03 |
|
|
||||
| JMSQ |
|
|
|||||
| iWD RuntimeNode
9.0.004.07 |
Configuration Server | 8.1.300.24 | |||||
| MS | 8.5.100.03 |
|
|
||||
| iWD HistoryNode | 9.0.004.07 |
|
|
||||
| iWD Web
9.0.004.01 |
Configuration Server | 8.1.300.24 | |||||
| MS | 8.5.100.03 |
|
|
||||
| IS | 8.5.105.04 |
|
|
||||
| iWD Web CapturePoint | 9.0.003.07 |
|
|
||||
| Browser | iWD Web | 9.0.004.01 |
|
|
|||
| iWD Manager | 9.0.004.07 |
|
|
||||
| iWD GAX Plugin | iWD RuntimeNode | 9.0.004.07 |
|
|
|||
| LDS TProxy2
8.1.1005.02
|
|
||||||
| Configuration Server | 8.5.100.25 | Yes | Yes | ||||
| MS | 8.5.100.11 | Yes | Yes | ||||
| SIP Server | 8.1.101.79 | Yes | Yes | ||||
| LDS TProxy2
8.1.005.02 |
LDS TProxy1 | 8.1.005.02 | Yes | Yes | |||
| LDS TProxy1 bkp | 8.1.100.02 | Yes | Yes | ||||
| Configuration Server | 8.5.100.25 | Yes | Yes | ||||
| MS | 8.5.100.11 | Yes | Yes | ||||
| URS
8.1.400.28 |
LDS TProxy2 | 8.10.005.02 | Yes | Yes | |||
| LDS TProxy1 bkp | Configuration Server | 8.5.100.25 | Yes | Yes | |||
| MS | 8.5.100.11 | Yes | Yes | ||||
| SIP Server | 8.1.101.79 | Yes | Yes | ||||
| GAX | 8.5.290.09 | Yes | Yes | For HTTPS add ‘setIncludeProtocols= TLS1.2’ in gax.properties.
For connections to other servers, if using Java 7. set -Djdk.tls.client.protocols=TLSv1.2. For Java 8 this is not needed as TLS1.2 is the default. | |||
| Configuration Server | 8.5.101.16 | Yes | Yes | ||||
| SCS | 8.5.100.26 | Yes | Yes | ||||
| MS-SQL Database | SQLServer 2014, SQLServer 2016, SQLServer 2012 | Yes | Yes | ||||