Revision as of 04:58, September 21, 2018 by Xavier (talk | contribs)
Jump to: navigation, search

TLS Protocol Support

If you deal with sensitive data, a top priority for you is conforming to the PCI DSS-compliance standards to safeguard your customers and protect your brand is a top priority. 30 June, 2018 was the deadline to disable SSL/early TLS and implement a more secure encryption protocol – TLS 1.1 or higher (TLS v1.2 is strongly encouraged) in order to meet the PCI Data Security Standard (PCI DSS). It is possible for a customer to use the Genesys suite of products in a manner that complies with the security-related business standards such as PCI DSS. However, Genesys products are only tools for the customer to use and the products do not ensure or enforce compliance with these standards. It is solely the customer's responsibility to ensure that the use of the Genesys suite of products complies with these business standards. Genesys recommends that the customer take steps for ensuring compliance with these business standards and other applicable local security requirements as well. PCI compliance requires several other measures by enterprises. This page provides general information relevant to Genesys products' support for TLS 1.2.Configuration Server

Product Product Connections TLS 1.2 Support Release # Compatible with SHA2 certificates
Sec-Protocol Option Support
 Conditions
Management Framework Configuration Server 8.5.100.22 Yes Yes  
Message Server 8.5.100.13 Yes  
SCS 8.5.100.17 Yes  
LCA 8.5.100.20 Yes  
CS Proxy 8.5.100.22 Yes  
DB Server 8.1.300.06 Yes  
Universal Contact Server




8.5.300.01
Yes
Yes




Configuration Sever 8.5.100.22
Yes




Message Server 8.5.100.13
Yes




Chat Server 8.5.107.11
Yes




Interaction Server 8.5.109.01
Yes




Email Server 8.5.104.06
Yes




Local Control Agent 8.5.100.20
Yes






Social Media Server 8.5.400.03
Yes






Email Server






8.5.104.06
Yes
Yes






Configuration Sever 8.5.100.22
Yes






Message Server 8.5.100.13
Yes






Interaction Server 8.5.109.01
Yes






Universal Contact Server 8.5.100.19
Yes






Social Media Server
 . 8.5.400.03
Yes
Yes






Configuration Sever 8.5.100.22
Yes






Message Server 8.5.100.13
Yes






Universal Contact Server 8.5.100.19
Yes






Interaction Server 8.5.109.01
Yes






Universal Contact Server Proxy






8.5.100.04
Yes
Yes






UCS 8.5.100.19
Yes






Configuration Sever 8.5.100.22
Yes






Message Server 8.5.100.13
Yes






T-Server for Avaya Communication Manager






8.1.010.30
Yes
Yes






Configuration Sever 8.5.100.22
Yes






Message Server 8.5.100.13
Yes






ISCC 8.1.010.30
Yes






High Availability 8.1.010.30
Yes






Outbound Contact Server






8.1.508.02
Yes
Yes
v.8.1.508.01+






Message Server 8.5.100.13
Yes






Configuration Sever 8.5.100.22
Yes






SIP Server 8.1.102.58
Yes






Avaya T-Server 8.1.010.30
Yes






Interaction Server 8.5.109.01
Yes






DB Server 8.1.300.06
Yes






Stat Server 8.5.102.00
Yes






Orchestration Server






8.1.400.58
Yes
Yes











Message Server 8.5.100.13
Yes











Configuration Sever 8.5.100.22
Yes











Universal Routing Server 8.1.400.22
Yes











Stat Server 8.5.107.00
Yes











SIP 8.1.102.58
Yes











Interaction Server 8.5.109.01
Yes






Interaction Concentrator






8.1.514.03
Yes
Yes











Configuration Sever 8.5.100.22
Yes











Message Server 8.5.100.13
Yes











DB Server 8.1.301.03
Yes











SIP 8.1.102.58
Yes











Outbound Contact Server 8.1.508.00
Yes











Interaction Server 8.5.109.01
Yes






Classification Server






8.5.300.01
Yes
Yes











Configuration Sever 8.5.100.22
Yes











Configuration Server Proxy 8.5.100.22
















Message Server 8.5.100.13
Yes











Universal Contact Server 8.5.100.19
Yes











Local Control Agent 8.5.100.20
Yes






Interaction Server






8.5.110.01






Yes
 Interaction Server was verified on: Linux 64 and Windows 2008R






Client to:











Configuration Sever 8.5.100.22
Yes
Yes











Configuration Server Proxy 8.5.100.22
Yes











Message Server 8.5.100.13
Yes











Local Control Agent 8.5.100.20
Yes











Universal Contact Server 8.5.100.19
Yes











DB Server 8.1.301.03
Yes











Chat Server 8.5.107.11
Yes











Social Media Server 8.5.400.03
Yes











Classification Server 8.5.300.01
Yes











Email Server 8.5.104.06
Yes











Server to:











Interaction Proxy 8.5.110.01
Yes
Yes











Orchestration Server 8.1.400.58
Yes











Interaction Concentrator 8.1.514.03
Yes











Universal Routing Server 8.1.400.22
Yes











Outbound Contact Server 8.1.508.00
Yes











Stat Server 8.5.107.03
Yes











Email Server 8.5.104.06
Yes











Social Media Server 8.5.400.03
Yes











Chat Server 8.5.107.11
Yes






Chat Server






8.5.109.05





















Configuration Sever 8.5.100.22
Yes
Yes











Message Server 8.5.100.13
Yes











Interaction Server 8.5.110.01
Yes











Universal Contact Server 8.5.200.19
Yes











Cassandra 2.28
Yes






Digital Messaging Server with WeChat driver






9.000.03
Yes
Yes
 Digital Messaging Server supports only one port "default" with Listening Mode = secured







Client to:











Configuration Sever 8.5.100.22
Yes
Yes











Solution Control Server 8.5.100.17
Yes











Message Server 8.5.100.13
Yes











Universal Contact Server 8.5.200.19
Yes











Interaction Server 8.5.110.01
Yes











Chat Server 8.5.109.05
Yes











Server to:











Interaction Server 8.5.110.01
Yes
Yes






Interaction Server Proxy






8.5.110.01
Yes
Yes











Configuration Sever 8.5.100.22
Yes











Message Server 8.5.100.13
Yes











Interaction Server 8.5.110.01
Yes






Web Services and Applications






8.5.201.85
Yes
No
 * Simple TLS ONLY.
  • Mutual TLS is not supported.



  • Configuration Server Auto-detect port is not supported, must use ‘secured’.



  • FIPS compliant.



  • Connection to MS is not supported.



  • ‘Client-side’ option is NOT supported



  • TLS 1.2 supported on all connections:



add “-Djdk.tls.client.protocols=TLSv1.2” into command line or into JAVA_OPTIONS of “/etc/default/gws” for CentOS6 or “/usr/lib/systemd/system/gws.service“ for CentOS7

GWS CA Trusted certificate must be configured in application.yaml file only: (GWS do not read configuration from CME)serverSettings:

caCertificate: /usr/local/genesys/cacert/ca_cert.pem 



onPremiseSettings: <br>cmeHost: fmk<br>cmePort: 2021<br>tlsEnabled: true






 Configuration Server 8.5.101.08
Yes






 Interaction Server 8.5.107.11
Yes






 Universal Contact Server 8.5.200.10
Yes






 Chat Server 8.5.109.06
Yes






 SIP Server 8.1.102.58
Yes
Genesys Mobile Engagement






8.5.107.19





















Configuration Sever 8.5.100.22











Message Server 8.5.100.13











Statistics Server 8.5.102.22











Cassandra 2.28





TLS for GMS+Cassandra is not supported.







Chat Server 8.5.105.05





Chat v2: TLS between GSG/GMS and Chat Server in trust server mode (do not check the certificate). Chat v1: for TLS management, add the following option in chat section: chat_ssl_trust_all=true







Universal Contact Server 8.5.200.10 TLS between GSG/GMS and Universal Contact Server in trust server mode (do not check the certificate).







Email Server 8.5.104.06





You can set up an HTTPS connection (even in the GMS Connection tab). Note: GMS uses HTTPClientFactory, and a TLS option can be set (section gms, option http.ssl_trust_all, value=false, true).







Orchestration Server 8.1.400.53






You can set up an HTTPS connection (even in the GMS Connection tab). Note: GMS uses HTTPClientFactory, and a TLS option can be set (section gms, option http.ssl_trust_all, value=false, true).






Web API Server










You can set up an HTTPS connection. Not configured at startup (that is, not in the GMS Connection tab). Note: GMS uses HTTPClientFactory, and a TLS option can be set (section gms, option http.ssl_trust_all, value=false, true).







Solution Control Server 8.5.100.17











Universal Routing Server 8.1.400.22





You can set up an HTTPS connection. Not configured at startup (that is, not in the GMS Connection tab). Note: GMS uses HTTPClientFactory, and a TLS option can be set (section gms, option http.ssl_trust_all, value=false, true).


Co-browse






8.5.000
Yes
Yes











Configuration Sever 8.5.100.22
Yes











Message Server 8.5.100.13
Yes











External Cassandra 8.5.100
Yes






Workforce Management











Yes
















WFM Server 8.5.207.09
Yes
Yes











WFM Builder 8.5.207.05
Yes
Yes











WFM Demon 8.5.207.01
Yes
Yes











WFM Web 8.1.301.02
Yes
Yes











WFM Aggregator 8.5.203.00
Yes
Yes











WFM DB Server 8.1.301.02
Yes











GVP Resource Manager






8.5.175.95





















SIP Server 8.1.102.58
Yes
Yes











Media Control Platform 8.5.176.05
Yes
Yes











CTI Connector 9.0.010.07
Yes
Yes











Reporting Server 8.5.181.77







No











RM Internode Not Applicable
No
No











Configuration Sever 8.5.100.22
Yes
Yes











Local Control Agent Not Applicable Not Applicable Not Applicable











Message Server 8.5.100.13







No






GVP Supplementary Services Gateway






Not Applicable





















SIP Server Not Applicable























HTTPS (Client) Not Applicable























Configuration Sever Not Applicable























Message Server Not Applicable























Local Control Agent Not Applicable Not Applicable Not Applicable






Voice Platform Media Control Platform






8.5.176.05





















Resource Manager 8.5.175.95
Yes
Yes











Reporting Server 8.5.181.77







No











Configuration Sever 8.5.100.22
Yes
Yes











Local Control Agent Not Applicable Not Applicable Not Applicable











Message Server 8.5.100.13







No











HTTPS (Client) 8.5.176.05
Yes
Yes











ASR/TTS (MRCP v2 Nuance) 8.5.176.05
Yes
Yes











ASR/TTS(MRCP v1 Nuance/MRCPP) Not Applicable Not Applicable Not Applicable






GVP MRCP Proxy






8.5.184.42





















Reporting Server 8.5.181.77







No











Configuration Sever 8.5.100.22
Yes
Yes











Local Control Agent Not Applicable Not Applicable Not Applicable











Message Server 8.5.100.13







No











MRCP ASR/TTS Not Applicable
No
No











MRCP Client Not Applicable
No
No






GVP CCP






Not Applicable
No
No











Resource Manager Not Applicable
No
No











Configuration Sever Not Applicable
No
No











Local Control Agent Not Applicable Not Applicable Not Applicable











Message Server Not Applicable
No
No











HTTPS(client) Not Applicable
No
No






GVP UCMConnector

(T-Server-CUCM to Media Server Connector)






8.5.184.06





















Resource Manager 8.5.175.95







Yes











T-Server Not Applicable
No
No











Configuration Sever 8.5.100.22
Yes
Yes











Message Server 8.5.100.13























Local Control Agent Not Applicable Not Applicable Not Applicable






GVP Policy Server






No
Yes

















Configuration Sever
No
Yes

















HTTPS
No
Yes

















Genesys Administrator UI
No
Yes

















Message Server
No
Yes

















Local Control Agent Not Applicable Not Applicable Not Applicable






GVP CTIConnector































IVR Server 9.0.010.07
Yes
Yes











Cisco UCM Not Applicable
No
















Configuration Sever 9.0.010.07
Yes
Yes











Resource Manager 9.0.010.07
Yes
Yes











Message Server 9.0.010.07
Yes
Yes






GVP Reporting Server































Configuration Sever 9.0.010.62

















Java level TLS protocol option support







Database 9.0.010.62














Oracle database - Oracle 12c RAC -Mutual TLS

SQL Server 2012 - Simple TLS






HTTPS 9.0.010.62













Java level TLS protocol option support







RC (Active MQ) 9.0.010.62





















Message Server 9.0.010.62







Java level TLS protocol option support
WD Manager

9.0.004.07

    -

Configuration Server

8.1.300.24









 
MS 8.5.100.03









 
iWD HistoryNode 9.0.004.07









 
IS 8.5.105.04









 
UCS 8.5.300.09









 
iWD HistoryNode

9.0.004.07


    -

Configuration Server

8.1.300.24









 
MS 8.5.100.03









 
JMSQ  









 
iWD RuntimeNode

9.0.004.07

    -

Configuration Server

8.1.300.24









 
MS 8.5.100.03









 
iWD HistoryNode 9.0.004.07









 
iWD Web

9.0.004.01

    -

Configuration Server

8.1.300.24









 
MS 8.5.100.03









 
IS 8.5.105.04









 
iWD Web CapturePoint 9.0.003.07









 
Browser iWD Web 9.0.004.01









 
iWD Manager 9.0.004.07









 
iWD GAX Plugin iWD RuntimeNode 9.0.004.07











 
LDS TProxy2

8.1.1005.02

     


 
Configuration Server 8.5.100.25 Yes Yes  
MS 8.5.100.11 Yes Yes  
SIP 8.1.101.79 Yes Yes  
LDS TProxy2

8.1.005.02

LDS TProxy1 8.1.005.02 Yes Yes  
LDS TProxy1 bkp 8.1.100.02 Yes Yes  
    -

Configuration Server

8.5.100.25 Yes Yes  
MS 8.5.100.11 Yes Yes  
URS

8.1.400.28

LDS TProxy2 8.10.005.02 Yes Yes  
LDS TProxy1 bkp      
8.5.100.25 Yes Yes  
  MS 8.5.100.11 Yes Yes  
  SIP 8.1.101.79 Yes Yes  
GAX   8.5.290.09 Yes Yes For HTTPS add ‘setIncludeProtocols= TLS1.2’ in gax.properties.

For connections to other servers, if using Java 7.

set -Djdk.tls.client.protocols=TLSv1.2.

For Java 8 this is not needed as TLS1.2 is the default.

  Configuration Server 8.5.101.16 Yes Yes  
  SCS 8.5.100.26 Yes Yes  
  MS-SQL Database SQLServer 2014, SQLServer 2016, SQLServer 2012 Yes Yes  
Comments or questions about this documentation? Contact us for support!