Revision as of 06:49, September 24, 2018 by Xavier (talk | contribs)
Jump to: navigation, search

TLS Protocol Support

If you deal with sensitive data, a top priority for you is conforming to the PCI DSS-compliance standards to safeguard your customers and protect your brand is a top priority. 30 June, 2018 was the deadline to disable SSL/early TLS and implement a more secure encryption protocol – TLS 1.1 or higher (TLS v1.2 is strongly encouraged) in order to meet the PCI Data Security Standard (PCI DSS). It is possible for a customer to use the Genesys suite of products in a manner that complies with the security-related business standards such as PCI DSS. However, Genesys products are only tools for the customer to use and the products do not ensure or enforce compliance with these standards. It is solely the customer's responsibility to ensure that the use of the Genesys suite of products complies with these business standards. Genesys recommends that the customer take steps for ensuring compliance with these business standards and other applicable local security requirements as well. PCI compliance requires several other measures by enterprises. This page provides general information relevant to Genesys products' support for TLS 1.2.Configuration Server

Product Product Connections TLS 1.2 Support Release # Compatible with SHA2 certificates
Sec-Protocol Option Support
 Conditions
Management Framework Configuration Server 8.5.100.22 Yes Yes  
Message Server 8.5.100.13 Yes  
SCS 8.5.100.17 Yes  
Local Control Agent 8.5.100.20 Yes  
CS Proxy 8.5.100.22 Yes  
DB Server 8.1.300.06 Yes  
Universal Contact Server
 8.5.300.01
Yes
Yes
Configuration Server 8.5.100.22
Yes
Message Server 8.5.100.13
Yes
Chat Server 8.5.107.11
Yes
Interaction Server 8.5.109.01
Yes
Email Server 8.5.104.06
Yes
Local Control Agent 8.5.100.20
Yes
Social Media Server 8.5.400.03
Yes
Email Server
 8.5.104.06
Yes
Yes
Configuration Server 8.5.100.22
Yes
Message Server 8.5.100.13
Yes
Interaction Server 8.5.109.01
Yes
Universal Contact Server 8.5.100.19
Yes
Social Media Server
 . 8.5.400.03
Yes
Yes
Configuration Server 8.5.100.22
Yes
Message Server 8.5.100.13
Yes
Universal Contact Server 8.5.100.19
Yes
Interaction Server 8.5.109.01
Yes
Universal Contact Server Proxy
 8.5.100.04
Yes
Yes
Universal Contact Server 8.5.100.19
Yes
Configuration Server 8.5.100.22
Yes
Message Server 8.5.100.13
Yes
T-Server for Avaya Communication Manager
 8.1.010.30
Yes
Yes
Configuration Server 8.5.100.22
Yes
  
Message Server 8.5.100.13
Yes
  
Outbound Contact Server
 8.1.508.02
Yes
Yes
v.8.1.508.01+
Message Server 8.5.100.13
Yes
Configuration Server 8.5.100.22
Yes
SIP Server 8.1.102.58
Yes
Avaya T-Server 8.1.010.30
Yes
Interaction Server 8.5.109.01
Yes
DB Server 8.1.300.06
Yes
Stat Server 8.5.102.00
Yes
Orchestration Server 8.1.400.58
Yes
Yes
Message Server 8.5.100.13
Yes
Configuration Server 8.5.100.22
Yes
Universal Routing Server 8.1.400.22
Yes
Stat Server 8.5.107.00
Yes
SIP Server 8.1.102.58
Yes
Interaction Server 8.5.109.01
Yes
Interaction Concentrator 8.1.514.03
Yes
Yes
Configuration Server 8.5.100.22
Yes
Message Server 8.5.100.13
Yes
DB Server 8.1.301.03
Yes
SIP Server 8.1.102.58
Yes
Outbound Contact Server 8.1.508.00
Yes
Interaction Server 8.5.109.01
Yes
Classification Server 8.5.300.01
Yes
Yes
Configuration Server 8.5.100.22
Yes
Configuration Server Proxy 8.5.100.22
Message Server 8.5.100.13
Yes
Universal Contact Server 8.5.100.19
Yes
Local Control Agent 8.5.100.20
Yes
Interaction Server 8.5.110.01
Yes
 Interaction Server was verified on: Linux 64 and Windows 2008R
Client to:
Configuration Server 8.5.100.22
Yes
Yes
Configuration Server Proxy 8.5.100.22
Yes
Message Server 8.5.100.13
Yes
Local Control Agent 8.5.100.20
Yes
Universal Contact Server 8.5.100.19
Yes
DB Server 8.1.301.03
Yes
Chat Server 8.5.107.11
Yes
Social Media Server 8.5.400.03
Yes
Classification Server 8.5.300.01
Yes
Email Server 8.5.104.06
Yes
Server to:
Interaction Proxy 8.5.110.01
Yes
Yes
Orchestration Server 8.1.400.58
Yes
Interaction Concentrator 8.1.514.03
Yes
Universal Routing Server 8.1.400.22
Yes
Outbound Contact Server 8.1.508.00
Yes
Stat Server 8.5.107.03
Yes
Email Server 8.5.104.06
Yes
Social Media Server 8.5.400.03
Yes
Chat Server 8.5.107.11
Yes
Chat Server 8.5.109.05
Configuration Server 8.5.100.22
Yes
Yes
Message Server 8.5.100.13
Yes
Interaction Server 8.5.110.01
Yes
Universal Contact Server 8.5.200.19
Yes
Cassandra 2.28
Yes
Digital Messaging Server with WeChat driver 9.000.03
Yes
Yes
 Digital Messaging Server supports only one port "default" with Listening Mode = secured
Client to:
Configuration Server 8.5.100.22
Yes
Yes
Solution Control Server 8.5.100.17
Yes
Message Server 8.5.100.13
Yes
Universal Contact Server 8.5.200.19
Yes
Interaction Server 8.5.110.01
Yes
Chat Server 8.5.109.05
Yes
Server to:
Interaction Server 8.5.110.01
Yes
Yes
Interaction Server Proxy 8.5.110.01
Yes
Yes
Configuration Server 8.5.100.22
Yes
Message Server 8.5.100.13
Yes
Interaction Server 8.5.110.01
Yes
Web Services and Applications 8.5.201.85
Yes
No
  • Simple TLS ONLY.
  • Mutual TLS is not supported.
  • Configuration Server Auto-detect port is not supported, must use ‘secured’.
  • FIPS compliant.
  • Connection to MS is not supported.
  • ‘Client-side’ option is NOT supported
  • TLS 1.2 supported on all connections:
Important
{{{1}}}
Configuration Server 8.5.101.08
Yes
Interaction Server 8.5.107.11
Yes
Universal Contact Server 8.5.200.10
Yes
Chat Server 8.5.109.06
Yes
SIP Server 8.1.102.58
Yes
Genesys Mobile Engagement 8.5.107.19
Configuration Server 8.5.100.22
Message Server 8.5.100.13
Statistics Server 8.5.102.22
Cassandra 2.28

TLS for GMS+Cassandra is not supported.

Chat Server 8.5.105.05 Chat v2: TLS between GSG/GMS and Chat Server in trust server mode (do not check the certificate). Chat v1: for TLS management, add the following option in chat section: chat_ssl_trust_all=true
Universal Contact Server 8.5.200.10 TLS between GSG/GMS and Universal Contact Server in trust server mode (do not check the certificate).
Email Server 8.5.104.06 You can set up an HTTPS connection (even in the GMS Connection tab). Note: GMS uses HTTPClientFactory, and a TLS option can be set (section gms, option http.ssl_trust_all, value=false, true).
Orchestration Server 8.1.400.53 You can set up an HTTPS connection (even in the GMS Connection tab). Note: GMS uses HTTPClientFactory, and a TLS option can be set ((section gms, option http.ssl_trust_all, value=false, true).
Web API Server You can set up an HTTPS connection. Not configured at startup (that is, not in the GMS Connection tab). Note: GMS uses HTTPClientFactory, and a TLS option can be set (section gms, option http.ssl_trust_all, value=false, true).
Solution Control Server 8.5.100.17
Universal Routing Server 8.1.400.22 You can set up an HTTPS connection. Not configured at startup (that is, not in the GMS Connection tab). Note: GMS uses HTTPClientFactory, and a TLS option can be set (section gms, option http.ssl_trust_all, value=false, true).
Co-browse 8.5.000
Yes
Yes
Configuration Server 8.5.100.22
Yes
Message Server 8.5.100.13
Yes
External Cassandra 8.5.100
Yes
Workforce Management
Yes
WFM Server 8.5.207.09
Yes
Yes
WFM Builder 8.5.207.05
Yes
Yes
WFM Demon 8.5.207.01
Yes
Yes
WFM Web 8.1.301.02
Yes
Yes
WFM Aggregator 8.5.203.00
Yes
Yes
WFM DB Server 8.1.301.02
Yes
Voice Platform Resource Manager 8.5.175.95
SIP Server 8.1.102.58
Yes
Yes
Media Control Platform 8.5.176.05
Yes
Yes
CTI Connector 9.0.010.07
Yes
Yes
Reporting Server 8.5.181.77
No
RM Internode Not Applicable
No
No
Configuration Server 8.5.100.22
Yes
Yes
Local Control Agent Not Applicable Not Applicable Not Applicable
Message Server 8.5.100.13
No
Voice Platform Supplementary Services Gateway Not Applicable
SIP Server Not Applicable
HTTPS (Client) Not Applicable
Configuration Server Not Applicable
Message Server Not Applicable
Local Control Agent Not Applicable Not Applicable Not Applicable
Voice Platform Media Control Platform 8.5.176.05
Resource Manager 8.5.175.95
Yes
Yes
Reporting Server 8.5.181.77
No
Configuration Server 8.5.100.22
Yes
Yes
Local Control Agent Not Applicable Not Applicable Not Applicable
Message Server 8.5.100.13
No
HTTPS (Client) 8.5.176.05
Yes
Yes
ASR/TTS (MRCP v2 Nuance) 8.5.176.05
Yes
Yes
ASR/TTS(MRCP v1 Nuance/MRCPP) Not Applicable Not Applicable Not Applicable
Voice Platform MRCP Proxy 8.5.184.42
Reporting Server 8.5.181.77
No
Configuration Server 8.5.100.22
Yes
Yes
Local Control Agent Not Applicable Not Applicable Not Applicable
Message Server 8.5.100.13
No
MRCP ASR/TTS Not Applicable
No
No
MRCP Client Not Applicable
No
No
Voice Platform CCP Not Applicable
No
No
Resource Manager Not Applicable
No
No
Configuration Server Not Applicable
No
No
Local Control Agent Not Applicable Not Applicable Not Applicable
Message Server Not Applicable
No
No
HTTPS(client) Not Applicable
No
No
Voice Platform UCMConnector

(T-Server-CUCM to Media Server Connector)

8.5.184.06
Resource Manager 8.5.175.95
Yes
T-Server Not Applicable
No
No
Configuration Server 8.5.100.22
Yes
Yes
Message Server 8.5.100.13
Local Control Agent Not Applicable Not Applicable Not Applicable
Voice Platform Policy Server
No
Yes
Configuration Server
No
Yes
HTTPS
No
Yes
Genesys Administrator UI
No
Yes
Message Server
No
Yes
Local Control Agent Not Applicable Not Applicable Not Applicable
Voice Platform CTIConnector
IVR Server 9.0.010.07
Yes
Yes
Cisco UCM Not Applicable
No
Configuration Server 9.0.010.07
Yes
Yes
Resource Manager 9.0.010.07
Yes
Yes
Message Server 9.0.010.07
Yes
Yes
Voice Platform Reporting Server
Configuration Server 9.0.010.62

Java level TLS protocol option support

Database 9.0.010.62 Oracle database - Oracle 12c RAC -Mutual TLS

SQL Server 2012 - Simple TLS

HTTPS 9.0.010.62 Java level TLS protocol option support
RC (Active MQ) 9.0.010.62
Message Server 9.0.010.62 Java level TLS protocol option support
WD Manager

9.0.004.07

Configuration Server 8.1.300.24      
Message Server 8.5.100.03  
iWD HistoryNode 9.0.004.07  
IS 8.5.105.04  
Universal Contact Server 8.5.300.09  
iWD HistoryNode

9.0.004.07

Configuration Server 8.1.300.24    
Message Server 8.5.100.03  
JMSQ    
iWD RuntimeNode

9.0.004.07

Configuration Server 8.1.300.24      
Message Server 8.5.100.03  
iWD HistoryNode 9.0.004.07  
iWD Web

9.0.004.01

Configuration Server 8.1.300.24      
  Message Server 8.5.100.03  
  IS 8.5.105.04  
  iWD Web CapturePoint 9.0.003.07  
Browser iWD Web 9.0.004.01  
iWD Manager 9.0.004.07  
iWD GAX Plugin iWD RuntimeNode 9.0.004.07  
LDS TProxy2

8.1.1005.02

       
Configuration Server 8.5.100.25 Yes Yes  
Message Server 8.5.100.11 Yes Yes  
SIP Server 8.1.101.79 Yes Yes  
LDS TProxy2

8.1.005.02

LDS TProxy1 8.1.005.02 Yes Yes  
LDS TProxy1 bkp 8.1.100.02 Yes Yes  
Configuration Server 8.5.100.25 Yes Yes  
Message Server 8.5.100.11 Yes Yes  
URS

8.1.400.28

LDS TProxy2 8.10.005.02 Yes Yes  
LDS TProxy1 bkp Configuration Server 8.5.100.25 Yes Yes  
  Message Server 8.5.100.11 Yes Yes  
  SIP Server 8.1.101.79 Yes Yes  
GAX   8.5.290.09 Yes Yes For HTTPS add ‘setIncludeProtocols= TLS1.2’ in gax.properties.

For connections to other servers, if using Java 7. set -Djdk.tls.client.protocols=TLSv1.2. For Java 8 this is not needed as TLS1.2 is the default.

  Configuration Server 8.5.101.16 Yes Yes  
  SCS 8.5.100.26 Yes Yes  
  MS-SQL Database SQLServer 2014, SQLServer 2016, SQLServer 2012 Yes Yes  
Comments or questions about this documentation? Contact us for support!