Revision as of 05:53, August 13, 2018 by Xavier (talk | contribs) (Update with the copy of version: 8.5.xDraft)
Jump to: navigation, search

TLS Security Protocol Support

If you deal with sensitive data, a top priority for you is conforming to the PCI DSS-compliance standards to safeguard your customers and protect your brand is a top priority.

30 June, 2018 was the deadline to disable SSL/early TLS and implement a more secure encryption protocol – TLS 1.1 or higher (TLS v1.2 is strongly encouraged) in order to meet the PCI Data Security Standard (PCI DSS). It is possible for a customer to use the Genesys suite of products in a manner that complies with the security-related business standards such as PCI DSS. However, Genesys products are only tools for the customer to use and the products do not ensure or enforce compliance with these standards. It is solely the customer's responsibility to ensure that the use of the Genesys suite of products complies with these business standards. Genesys recommends that the customer take steps for ensuring compliance with these business standards and other applicable local security requirements as well. PCI compliance requires several other measures by enterprises.

This page provides general information relevant to Genesys products' support for TLS 1.2.

Product Product Connections TLS 1.2 Support Release # Compatible with SHA2 certificates
Sec-Protocol Option Support
 Conditions
Universal Contact Server




8.5.300.01
Yes
Yes




Configuration Sever 8.5.100.22
Yes




Message Server 8.5.100.13
Yes




Chat Server 8.5.107.11
Yes




Interaction Server 8.5.109.01
Yes




Email Server 8.5.104.06
Yes




Local Control Agent 8.5.100.20
Yes




Social Media Server 8.5.400.03
Yes




Email Server




8.5.104.06
Yes
Yes




Configuration Sever 8.5.100.22
Yes




Message Server 8.5.100.13
Yes




Interaction Server 8.5.109.01
Yes




Universal Contact Server 8.5.100.19
Yes




Social Media Server
 . 8.5.400.03
Yes
Yes




Configuration Sever 8.5.100.22
Yes




Message Server 8.5.100.13
Yes




Universal Contact Server 8.5.100.19
Yes




Interaction Server 8.5.109.01
Yes




Universal Contact Server Proxy




8.5.100.04
Yes
Yes




UCS 8.5.100.19
Yes




Configuration Sever 8.5.100.22
Yes




Message Server 8.5.100.13
Yes




T-Server for Avaya Communication Manager




8.1.010.30
Yes
Yes




Configuration Sever 8.5.100.22
Yes




Message Server 8.5.100.13
Yes




ISCC 8.1.010.30
Yes




High Availability 8.1.010.30
Yes




Outbound Contact Server




8.1.508.02
Yes
Yes
v.8.1.508.01+




Message Server 8.5.100.13
Yes




Configuration Sever 8.5.100.22
Yes




SIP Server 8.1.102.58
Yes




Avaya T-Server 8.1.010.30
Yes




Interaction Server 8.5.109.01
Yes




DB Server 8.1.300.06
Yes




Stat Server 8.5.102.00
Yes




Orchestration Server




8.1.400.58
Yes
Yes







Message Server 8.5.100.13
Yes







Configuration Sever 8.5.100.22
Yes







Universal Routing Server 8.1.400.22
Yes







Stat Server 8.5.107.00
Yes







SIP 8.1.102.58
Yes







Interaction Server 8.5.109.01
Yes




Interaction Concentrator




8.1.514.03
Yes
Yes







Configuration Sever 8.5.100.22
Yes







Message Server 8.5.100.13
Yes







DB Server 8.1.301.03
Yes







SIP 8.1.102.58
Yes







Outbound Contact Server 8.1.508.00
Yes







Interaction Server 8.5.109.01
Yes




Classification Server




8.5.300.01
Yes
Yes







Configuration Sever 8.5.100.22
Yes







Configuration Server Proxy 8.5.100.22










Message Server 8.5.100.13
Yes







Universal Contact Server 8.5.100.19
Yes







Local Control Agent 8.5.100.20
Yes




Interaction Server




8.5.110.01




Yes
 Interaction Server was verified on: Linux 64 and Windows 2008R




Client to:







Configuration Sever 8.5.100.22
Yes
Yes







Configuration Server Proxy 8.5.100.22
Yes







Message Server 8.5.100.13
Yes







Local Control Agent 8.5.100.20
Yes







Universal Contact Server 8.5.100.19
Yes







DB Server 8.1.301.03
Yes







Chat Server 8.5.107.11
Yes







Social Media Server 8.5.400.03
Yes







Classification Server 8.5.300.01
Yes







Email Server 8.5.104.06
Yes







Server to:







Inx Proxy 8.5.110.01
Yes
Yes







Orchestration Server 8.1.400.58
Yes







Interaction Concentrator 8.1.514.03
Yes







Universal Routing Server 8.1.400.22
Yes







Outbound Contact Server 8.1.508.00
Yes







Stat Server 8.5.107.03
Yes







Email Server 8.5.104.06
Yes







Social Media Server 8.5.400.03
Yes







Chat Server 8.5.107.11
Yes




Chat Server




8.5.109.05













Configuration Sever 8.5.100.22
Yes
Yes







Message Server 8.5.100.13
Yes







Interaction Server 8.5.110.01
Yes







Universal Contact Server 8.5.200.19
Yes







Cassandra 2.28
Yes




Digital Messaging Server with WeChat driver




9.000.03
Yes
Yes
 Digital Messaging Server supports only one port "default" with Listening Mode = secured






Client to:







Configuration Sever 8.5.100.22
Yes
Yes







Solution Control Server 8.5.100.17
Yes







Message Server 8.5.100.13
Yes







Universal Contact Server 8.5.200.19
Yes







Interaction Server 8.5.110.01
Yes







Chat Server 8.5.109.05
Yes







Server to:







Interaction Server 8.5.110.01
Yes
Yes




Interaction Server Proxy




8.5.110.01
Yes
Yes







Configuration Sever 8.5.100.22
Yes







Message Server 8.5.100.13
Yes







Interaction Server 8.5.110.01
Yes




Web Services and Applications




8.5.201.85
Yes
No
 * Simple TLS ONLY.


  • Mutual TLS is not supported.


  • CS Auto-detect port is not supported, must use ‘secured’.


  • FIPS compliant.


  • Connection to MS is not supported.


  • ‘Client-side’ option is NOT supported


  • TLS 1.2 supported on all connections:


add “-Djdk.tls.client.protocols=TLSv1.2” into command line or into JAVA_OPTIONS of “/etc/default/gws” for CentOS6 or “/usr/lib/systemd/system/gws.service“ for CentOS7


GWS CA Trusted certificate must be configured in application.yaml file only: (GWS do not read configuration from CME)serverSettings:


caCertificate: /usr/local/genesys/cacert/ca_cert.pem 


onPremiseSettings: <br>cmeHost: fmk<br>cmePort: 2021<br>tlsEnabled: true




 Configuration Server 8.5.101.08
Yes




 Interaction Server 8.5.107.11
Yes




 Universal Contact Server 8.5.200.10
Yes




 Chat Server 8.5.109.06
Yes




 SIP 8.1.102.58
Yes
Genesys Mobile Engagement




8.5.107.19













Configuration Sever 8.5.100.22







Message Server 8.5.100.13







Statistics Server 8.5.102.22







Cassandra 2.28


TLS for GMS+Cassandra is not supported.






Chat Server 8.5.105.05


Chat v2: TLS between GSG/GMS and Chat Server in trust server mode (do not check the certificate). Chat v1: for TLS management, add the following option in chat section: chat_ssl_trust_all=true






Universal Contact Server 8.5.200.10 TLS between GSG/GMS and Universal Contact Server in trust server mode (do not check the certificate).






Email Server 8.5.104.06


You can set up an HTTPS connection (even in the GMS Connection tab). Note: GMS uses HTTPClientFactory, and a TLS option can be set (section gms, option http.ssl_trust_all, value=false, true).






Orchestration Server 8.1.400.53



You can set up an HTTPS connection (even in the GMS Connection tab). Note: GMS uses HTTPClientFactory, and a TLS option can be set (section gms, option http.ssl_trust_all, value=false, true).





Web API Server





You can set up an HTTPS connection. Not configured at startup (that is, not in the GMS Connection tab). Note: GMS uses HTTPClientFactory, and a TLS option can be set (section gms, option http.ssl_trust_all, value=false, true).






Solution Control Server 8.5.100.17







Universal Routing Server 8.1.400.22


You can set up an HTTPS connection. Not configured at startup (that is, not in the GMS Connection tab). Note: GMS uses HTTPClientFactory, and a TLS option can be set (section gms, option http.ssl_trust_all, value=false, true).



Co-browse




8.5.000
Yes
Yes







Configuration Sever 8.5.100.22
Yes







Message Server 8.5.100.13
Yes







External Cassandra 8.5.100
Yes




Workforce Management







Yes










WFM Server 8.5.207.09
Yes
Yes







WFM Builder 8.5.207.05
Yes
Yes







WFM Demon 8.5.207.01
Yes
Yes







WFM Web 8.1.301.02
Yes
Yes







WFM Aggregator 8.5.203.00
Yes
Yes







WFM DB Server 8.1.301.02
Yes







GVP Resource Manager




8.5.175.95













SIP Server 8.1.102.58
Yes
Yes







Media Control Platform 8.5.176.05
Yes
Yes







CTI Connector 9.0.010.07
Yes
Yes







Reporting Server 8.5.181.77





No







RM Internode Not Applicable
No
No







Configuration Sever 8.5.100.22
Yes
Yes







Local Control Agent Not Applicable Not Applicable Not Applicable







Message Server 8.5.100.13





No




GVP Supplementary Services Gateway




Not Applicable













SIP Server Not Applicable















HTTPS (Client) Not Applicable















Configuration Sever Not Applicable















Message Server Not Applicable















Local Control Agent Not Applicable Not Applicable Not Applicable




Voice Platform Media Control Platform




8.5.176.05













Resource Manager 8.5.175.95
Yes
Yes







Reporting Server 8.5.181.77





No







Configuration Sever 8.5.100.22
Yes
Yes







Local Control Agent Not Applicable Not Applicable Not Applicable







Message Server 8.5.100.13





No







HTTPS (Client) 8.5.176.05
Yes
Yes







ASR/TTS (MRCP v2 Nuance) 8.5.176.05
Yes
Yes







ASR/TTS(MRCP v1 Nuance/MRCPP) Not Applicable Not Applicable Not Applicable




GVP MRCP Proxy




8.5.184.42













Reporting Server 8.5.181.77





No







Configuration Sever 8.5.100.22
Yes
Yes







Local Control Agent Not Applicable Not Applicable Not Applicable







Message Server 8.5.100.13





No







MRCP ASR/TTS Not Applicable
No
No







MRCP Client Not Applicable
No
No




GVP CCP




Not Applicable
No
No







Resource Manager Not Applicable
No
No







Configuration Sever Not Applicable
No
No







Local Control Agent Not Applicable Not Applicable Not Applicable







Message Server Not Applicable
No
No







HTTPS(client) Not Applicable
No
No




GVP UCMConnector (T-Server-CUCM to Media Server Connector)



8.5.184.06













Resource Manager 8.5.175.95





Yes







T-Server Not Applicable
No
No







Configuration Sever 8.5.100.22
Yes
Yes







Message Server 8.5.100.13















Local Control Agent Not Applicable Not Applicable Not Applicable




GVP Policy Server




No
Yes











Configuration Sever
No
Yes











HTTPS
No
Yes











Genesys Administrator UI
No
Yes











Message Server
No
Yes











Local Control Agent Not Applicable Not Applicable Not Applicable




GVP CTIConnector


















IVR Server 9.0.010.07
Yes
Yes







Cisco ICM Not Applicable
No










Configuration Sever 9.0.010.07
Yes
Yes







Resource Manager 9.0.010.07
Yes
Yes







Message Server 9.0.010.07
Yes
Yes




GVP Reporting Server


















Configuration Sever 9.0.010.62










Java level TLS protocol option support






Database 9.0.010.62











Oracle database - Oracle 12c RAC -Mutual TLS


SQL Server 2012 - Simple TLS





HTTPS 9.0.010.62









Java level TLS protocol option support







RC (Active MQ) 9.0.010.62











  Message Server 9.0.010.62     Java level TLS protocol option support
WD Manager

9.0.004.07

CS 8.1.300.24



 
MS 8.5.100.03



 
iWD HistoryNode 9.0.004.07



 
IS 8.5.105.04



 
UCS 8.5.300.09



 
iWD HistoryNode

9.0.004.07

CS 8.1.300.24



 
MS 8.5.100.03



 
JMSQ  



 
iWD RuntimeNode

9.0.004.07


CS 8.1.300.24



 
MS 8.5.100.03



 
iWD HistoryNode 9.0.004.07



 
iWD Web

9.0.004.01


CS 8.1.300.24



 
MS 8.5.100.03



 
IS 8.5.105.04



 
iWD Web CapturePoint 9.0.003.07



 
Browser iWD Web 9.0.004.01



 
iWD Manager 9.0.004.07



 
iWD GAX Plugin iWD RuntimeNode 9.0.004.07





 
LDS TProxy2 1

8.1.1005.02


CS 8.5.100.25 Yes Yes  
MS 8.5.100.11 Yes Yes  
SIP 8.1.101.79 Yes Yes  
LDS TProxy2

8.1.005.02


LDS TProxy1 8.1.005.02 Yes Yes  
LDS TProxy1 bkp 8.1.100.02 Yes Yes  
CS 8.5.100.25 Yes Yes  
MS 8.5.100.11 Yes Yes  
URS

8.1.400.28

LDS TProxy2 8.10.005.02 Yes Yes  
LDS TProxy1 bkp CS 8.5.100.25 Yes Yes  
  MS 8.5.100.11 Yes Yes  
  SIP 8.1.101.79 Yes Yes  
GAX   8.5.290.09 Yes Yes For HTTPS add ‘setIncludeProtocols= TLS1.2’ in gax.properties.

For connections to other servers, if using Java 7.


set -Djdk.tls.client.protocols=TLSv1.2.


For Java 8 this is not needed as TLS1.2 is the default.

  Configuration Server 8.5.101.16 Yes Yes  
  SCS 8.5.100.26 Yes Yes  
  MS-SQL Database SQLServer 2014, SQLServer 2016, SQLServer 2012 Yes Yes  
Comments or questions about this documentation? Contact us for support!