Revision as of 04:46, September 21, 2018 by Xavier (talk | contribs)
Jump to: navigation, search

TLS Protocol Support

If you deal with sensitive data, a top priority for you is conforming to the PCI DSS-compliance standards to safeguard your customers and protect your brand is a top priority. 30 June, 2018 was the deadline to disable SSL/early TLS and implement a more secure encryption protocol – TLS 1.1 or higher (TLS v1.2 is strongly encouraged) in order to meet the PCI Data Security Standard (PCI DSS). It is possible for a customer to use the Genesys suite of products in a manner that complies with the security-related business standards such as PCI DSS. However, Genesys products are only tools for the customer to use and the products do not ensure or enforce compliance with these standards. It is solely the customer's responsibility to ensure that the use of the Genesys suite of products complies with these business standards. Genesys recommends that the customer take steps for ensuring compliance with these business standards and other applicable local security requirements as well. PCI compliance requires several other measures by enterprises. This page provides general information relevant to Genesys products' support for TLS 1.2.

Product Product Connections TLS 1.2 Support Release # Compatible with SHA2 certificates
Sec-Protocol Option Support
 Conditions
Management Framework Configuration Server 8.5.100.22 Yes Yes  
Message Server 8.5.100.13 Yes Yes  
SCS 8.5.100.17 Yes Yes  
LCA 8.5.100.20 Yes Yes  
CS Proxy 8.5.100.22 Yes Yes  
DB Server 8.1.300.06 Yes Yes  
Universal Contact Server
 8.5.300.01
Yes
Yes
Configuration Sever 8.5.100.22
Yes
Message Server 8.5.100.13
Yes
Chat Server 8.5.107.11
Yes
Interaction Server 8.5.109.01
Yes
Email Server 8.5.104.06
Yes
Local Control Agent 8.5.100.20
Yes


Social Media Server 8.5.400.03
Yes


Email Server


8.5.104.06
Yes
Yes


Configuration Sever 8.5.100.22
Yes


Message Server 8.5.100.13
Yes


Interaction Server 8.5.109.01
Yes


Universal Contact Server 8.5.100.19
Yes


Social Media Server
 . 8.5.400.03
Yes
Yes


Configuration Sever 8.5.100.22
Yes


Message Server 8.5.100.13
Yes


Universal Contact Server 8.5.100.19
Yes


Interaction Server 8.5.109.01
Yes


Universal Contact Server Proxy


8.5.100.04
Yes
Yes


UCS 8.5.100.19
Yes


Configuration Sever 8.5.100.22
Yes


Message Server 8.5.100.13
Yes


T-Server for Avaya Communication Manager


8.1.010.30
Yes
Yes


Configuration Sever 8.5.100.22
Yes


Message Server 8.5.100.13
Yes


ISCC 8.1.010.30
Yes


High Availability 8.1.010.30
Yes


Outbound Contact Server


8.1.508.02
Yes
Yes
v.8.1.508.01+


Message Server 8.5.100.13
Yes


Configuration Sever 8.5.100.22
Yes


SIP Server 8.1.102.58
Yes


Avaya T-Server 8.1.010.30
Yes


Interaction Server 8.5.109.01
Yes


DB Server 8.1.300.06
Yes


Stat Server 8.5.102.00
Yes


Orchestration Server


8.1.400.58
Yes
Yes



Message Server 8.5.100.13
Yes



Configuration Sever 8.5.100.22
Yes



Universal Routing Server 8.1.400.22
Yes



Stat Server 8.5.107.00
Yes



SIP 8.1.102.58
Yes



Interaction Server 8.5.109.01
Yes


Interaction Concentrator


8.1.514.03
Yes
Yes



Configuration Sever 8.5.100.22
Yes



Message Server 8.5.100.13
Yes



DB Server 8.1.301.03
Yes



SIP 8.1.102.58
Yes



Outbound Contact Server 8.1.508.00
Yes



Interaction Server 8.5.109.01
Yes


Classification Server


8.5.300.01
Yes
Yes



Configuration Sever 8.5.100.22
Yes



Configuration Server Proxy 8.5.100.22




Message Server 8.5.100.13
Yes



Universal Contact Server 8.5.100.19
Yes



Local Control Agent 8.5.100.20
Yes


Interaction Server


8.5.110.01


Yes
 Interaction Server was verified on: Linux 64 and Windows 2008R


Client to:



Configuration Sever 8.5.100.22
Yes
Yes



Configuration Server Proxy 8.5.100.22
Yes



Message Server 8.5.100.13
Yes



Local Control Agent 8.5.100.20
Yes



Universal Contact Server 8.5.100.19
Yes



DB Server 8.1.301.03
Yes



Chat Server 8.5.107.11
Yes



Social Media Server 8.5.400.03
Yes



Classification Server 8.5.300.01
Yes



Email Server 8.5.104.06
Yes



Server to:



Interaction Proxy 8.5.110.01
Yes
Yes



Orchestration Server 8.1.400.58
Yes



Interaction Concentrator 8.1.514.03
Yes



Universal Routing Server 8.1.400.22
Yes



Outbound Contact Server 8.1.508.00
Yes



Stat Server 8.5.107.03
Yes



Email Server 8.5.104.06
Yes



Social Media Server 8.5.400.03
Yes



Chat Server 8.5.107.11
Yes


Chat Server


8.5.109.05





Configuration Sever 8.5.100.22
Yes
Yes



Message Server 8.5.100.13
Yes



Interaction Server 8.5.110.01
Yes



Universal Contact Server 8.5.200.19
Yes



Cassandra 2.28
Yes


Digital Messaging Server with WeChat driver


9.000.03
Yes
Yes
 Digital Messaging Server supports only one port "default" with Listening Mode = secured



Client to:



Configuration Sever 8.5.100.22
Yes
Yes



Solution Control Server 8.5.100.17
Yes



Message Server 8.5.100.13
Yes



Universal Contact Server 8.5.200.19
Yes



Interaction Server 8.5.110.01
Yes



Chat Server 8.5.109.05
Yes



Server to:



Interaction Server 8.5.110.01
Yes
Yes


Interaction Server Proxy


8.5.110.01
Yes
Yes



Configuration Sever 8.5.100.22
Yes



Message Server 8.5.100.13
Yes



Interaction Server 8.5.110.01
Yes


Web Services and Applications


8.5.201.85
Yes
No
 * Simple TLS ONLY.
  • Mutual TLS is not supported.
  • |-

Configuration Server Auto-detect port is not supported, must use ‘secured’.

  • FIPS compliant.
  • Connection to MS is not supported.
  • ‘Client-side’ option is NOT supported
  • TLS 1.2 supported on all connections:

add “-Djdk.tls.client.protocols=TLSv1.2” into command line or into JAVA_OPTIONS of “/etc/default/gws” for CentOS6 or “/usr/lib/systemd/system/gws.service“ for CentOS7

GWS CA Trusted certificate must be configured in application.yaml file only: (GWS do not read configuration from CME)serverSettings:

caCertificate: /usr/local/genesys/cacert/ca_cert.pem 

onPremiseSettings: <br>cmeHost: fmk<br>cmePort: 2021<br>tlsEnabled: true


 Configuration Server 8.5.101.08
Yes


 Interaction Server 8.5.107.11
Yes


 Universal Contact Server 8.5.200.10
Yes


 Chat Server 8.5.109.06
Yes


 SIP Server 8.1.102.58
Yes
Genesys Mobile Engagement


8.5.107.19





Configuration Sever 8.5.100.22



Message Server 8.5.100.13



Statistics Server 8.5.102.22



Cassandra 2.28

TLS for GMS+Cassandra is not supported.



Chat Server 8.5.105.05

Chat v2: TLS between GSG/GMS and Chat Server in trust server mode (do not check the certificate). Chat v1: for TLS management, add the following option in chat section: chat_ssl_trust_all=true



Universal Contact Server 8.5.200.10 TLS between GSG/GMS and Universal Contact Server in trust server mode (do not check the certificate).



Email Server 8.5.104.06

You can set up an HTTPS connection (even in the GMS Connection tab). Note: GMS uses HTTPClientFactory, and a TLS option can be set (section gms, option http.ssl_trust_all, value=false, true).



Orchestration Server 8.1.400.53


You can set up an HTTPS connection (even in the GMS Connection tab). Note: GMS uses HTTPClientFactory, and a TLS option can be set (section gms, option http.ssl_trust_all, value=false, true).


Web API Server


You can set up an HTTPS connection. Not configured at startup (that is, not in the GMS Connection tab). Note: GMS uses HTTPClientFactory, and a TLS option can be set (section gms, option http.ssl_trust_all, value=false, true).



Solution Control Server 8.5.100.17



Universal Routing Server 8.1.400.22

You can set up an HTTPS connection. Not configured at startup (that is, not in the GMS Connection tab). Note: GMS uses HTTPClientFactory, and a TLS option can be set (section gms, option http.ssl_trust_all, value=false, true).


Co-browse


8.5.000
Yes
Yes



Configuration Sever 8.5.100.22
Yes



Message Server 8.5.100.13
Yes



External Cassandra 8.5.100
Yes


Workforce Management



Yes




WFM Server 8.5.207.09
Yes
Yes



WFM Builder 8.5.207.05
Yes
Yes



WFM Demon 8.5.207.01
Yes
Yes



WFM Web 8.1.301.02
Yes
Yes



WFM Aggregator 8.5.203.00
Yes
Yes



WFM DB Server 8.1.301.02
Yes



GVP Resource Manager


8.5.175.95





SIP Server 8.1.102.58
Yes
Yes



Media Control Platform 8.5.176.05
Yes
Yes



CTI Connector 9.0.010.07
Yes
Yes



Reporting Server 8.5.181.77



No



RM Internode Not Applicable
No
No



Configuration Sever 8.5.100.22
Yes
Yes



Local Control Agent Not Applicable Not Applicable Not Applicable



Message Server 8.5.100.13



No


GVP Supplementary Services Gateway


Not Applicable





SIP Server Not Applicable







HTTPS (Client) Not Applicable







Configuration Sever Not Applicable







Message Server Not Applicable







Local Control Agent Not Applicable Not Applicable Not Applicable


Voice Platform Media Control Platform


8.5.176.05





Resource Manager 8.5.175.95
Yes
Yes



Reporting Server 8.5.181.77



No



Configuration Sever 8.5.100.22
Yes
Yes



Local Control Agent Not Applicable Not Applicable Not Applicable



Message Server 8.5.100.13



No



HTTPS (Client) 8.5.176.05
Yes
Yes



ASR/TTS (MRCP v2 Nuance) 8.5.176.05
Yes
Yes



ASR/TTS(MRCP v1 Nuance/MRCPP) Not Applicable Not Applicable Not Applicable


GVP MRCP Proxy


8.5.184.42





Reporting Server 8.5.181.77



No



Configuration Sever 8.5.100.22
Yes
Yes



Local Control Agent Not Applicable Not Applicable Not Applicable



Message Server 8.5.100.13



No



MRCP ASR/TTS Not Applicable
No
No



MRCP Client Not Applicable
No
No


GVP CCP


Not Applicable
No
No



Resource Manager Not Applicable
No
No



Configuration Sever Not Applicable
No
No



Local Control Agent Not Applicable Not Applicable Not Applicable



Message Server Not Applicable
No
No



HTTPS(client) Not Applicable
No
No


GVP UCMConnector (T-Server-CUCM to Media Server Connector)


8.5.184.06





Resource Manager 8.5.175.95



Yes



T-Server Not Applicable
No
No



Configuration Sever 8.5.100.22
Yes
Yes



Message Server 8.5.100.13







Local Control Agent Not Applicable Not Applicable Not Applicable


GVP Policy Server


No
Yes





Configuration Sever
No
Yes





HTTPS
No
Yes





Genesys Administrator UI
No
Yes





Message Server
No
Yes





Local Control Agent Not Applicable Not Applicable Not Applicable


GVP CTIConnector







IVR Server 9.0.010.07
Yes
Yes



Cisco UCM Not Applicable
No




Configuration Sever 9.0.010.07
Yes
Yes



Resource Manager 9.0.010.07
Yes
Yes



Message Server 9.0.010.07
Yes
Yes


GVP Reporting Server







Configuration Sever 9.0.010.62





Java level TLS protocol option support



Database 9.0.010.62






Oracle database - Oracle 12c RAC -Mutual TLS

SQL Server 2012 - Simple TLS


HTTPS 9.0.010.62





Java level TLS protocol option support



RC (Active MQ) 9.0.010.62






  Message Server 9.0.010.62     Java level TLS protocol option support
WD Manager

9.0.004.07

-

Configuration Server

8.1.300.24  
MS 8.5.100.03  
iWD HistoryNode 9.0.004.07  
IS 8.5.105.04  
UCS 8.5.300.09  
iWD HistoryNode

9.0.004.07

-

Configuration Server

8.1.300.24  
MS 8.5.100.03  
JMSQ    
iWD RuntimeNode

9.0.004.07

-

Configuration Server

8.1.300.24  
MS 8.5.100.03  
iWD HistoryNode 9.0.004.07  
iWD Web

9.0.004.01

-

Configuration Server

8.1.300.24  
MS 8.5.100.03  
IS 8.5.105.04  
iWD Web CapturePoint 9.0.003.07  
Browser iWD Web 9.0.004.01  
iWD Manager 9.0.004.07  
iWD GAX Plugin iWD RuntimeNode 9.0.004.07



 
LDS TProxy2 1

8.1.1005.02

-

Configuration Server

8.5.100.25 Yes Yes  
MS 8.5.100.11 Yes Yes  
SIP 8.1.101.79 Yes Yes  
LDS TProxy2

8.1.005.02

LDS TProxy1 8.1.005.02 Yes Yes  
LDS TProxy1 bkp 8.1.100.02 Yes Yes  
-

Configuration Server

8.5.100.25 Yes Yes  
MS 8.5.100.11 Yes Yes  
URS

8.1.400.28

LDS TProxy2 8.10.005.02 Yes Yes  
LDS TProxy1 bkp -

Configuration Server

8.5.100.25 Yes Yes  
  MS 8.5.100.11 Yes Yes  
  SIP 8.1.101.79 Yes Yes  
GAX   8.5.290.09 Yes Yes For HTTPS add ‘setIncludeProtocols= TLS1.2’ in gax.properties.

For connections to other servers, if using Java 7.

set -Djdk.tls.client.protocols=TLSv1.2.

For Java 8 this is not needed as TLS1.2 is the default.

  Configuration Server 8.5.101.16 Yes Yes  
  SCS 8.5.100.26 Yes Yes  
  MS-SQL Database SQLServer 2014, SQLServer 2016, SQLServer 2012 Yes Yes  
Comments or questions about this documentation? Contact us for support!