Revision as of 10:48, August 12, 2021 by Sandhya.ravindran@genesys.com (talk | contribs) (Replaced content with "=TLS Feature Support Matrix= Genesys is continually updating TLS implementations to keep up with latest revisions and best practice recommendations while enabling configur...")
Jump to: navigation, search

TLS Feature Support Matrix

Genesys is continually updating TLS implementations to keep up with latest revisions and best practice recommendations while enabling configurability to maintain a high degree of backward compatibility and allow customers to tune the protocol to their own security preferences. The below table outlines for specific interconnections between Genesys products, compatibility with some key considerations around the TLS protocol.

How to read this table:

  • Product (acting as client): This indicates for a given connection the product which is connecting to another Genesys product (the client).
  • Product connections (acting as server): This indicates to which product is being connected (the server).

Thus, each line defines a unique connection between two Genesys products.

The remaining columns indicate current support levels for attributes of this connection as indicated below:

  • TLS 1.2 Support Release #: This column indicates the minimum version of the server-side component necessary to support version 1.2 of the TLS protocol.
  • sec-protocol option support: TLS relies on a handshake (mutual agreement) between client and server to select protocol version to use. This column indicates whether this product can be configured, for this connection, using option sec-protocol to control which protocol versions may be offered in handshaking process. See Advanced TLS for more details.
  • Mutual TLS Support: This column indicates whether in addition to server offering certificate to the client in the connection, the client may also offer certificate to the server (mutual certificate exchange). See Securing Connections using TLS for an example of configuring a connection for mutual certificate exchange.
  • Host configuration to Message Server: Typically, TLS settings can be configured explicitly for each connection, or for convenience at application or host level. However, in earlier implementations connections to Message Server would not leverage TLS settings unless configured at the explicit connection. This column indicates whether when product connects to Message Server whether Host level configuration can be used.
  • FIPS 140-2: This column indicates whether there is optional configuration that leverages a FIPS 140-2 validated cryptographic module for this product’s side of connection. See Federal Information Processing Standards for more details.
  • Compatible with SHA-2 certificates: This column indicates if server certificate can be SHA-2 signed. SHA-2 is preferred over earlier signing algorithms such as MD5 or SHA1.
  • Refer to Security Pack 8.5.100.25 for information on OpenSSL version 1.1.1g, TLS 1.3, and SAN certificate.


Comments or questions about this documentation? Contact us for support!