THE GP ADVANTAGE

What is TLS?

And what is the latest news?

What is TLS?

Transport Layer Security (TLS) is an encryption protocol intended to keep data secure when being transferred over a network. Specifically, it provides authentication, privacy, and data integrity between two communicating computer applications. 

It is most familiar to users through secure web browsing, and in particular the padlock icon that appears in web browsers when a secure session is established. However, it can and indeed should also be used for other applications such as e-mail, file transfers, video/audio conferencing, instant messaging, and voice-over IP, as well as internet services such as DNS (Domain Name System) and NTP (Network Time Protocol). 

There are three main components to what the TLS protocol accomplishes:

  • Encryption: hides the data being transferred from third parties. 
  • Authentication: ensures that the parties exchanging information are who they claim to be. 
  • Integrity: verifies that the data has not been forged or tampered with. 

Without TLS, sensitive information such as logins, credit card details, and personal details can easily be gleaned by others, and browsing habits, e-mail correspondence, online chats, and conferencing calls can be monitored. Enabling TLS support in client and server applications ensures that data transmitted between them is encrypted with secure algorithms and not viewable by third parties. 

What is the latest news regarding TLS?

Microsoft has supported the TLS protocols since Windows XP/Server 2003. However, Microsoft has announced that the older TLS 1.0 and 1.1 protocols will be retired, although as yet no specific date has been given. 

Because of evolving regulatory requirements and the increased susceptibility of these older protocols to vulnerabilities, Microsoft recommends that clients remove TLS 1.0/1.1 dependencies in their environments and disable TLS 1.0 and 1.1 at the operating system level where possible. 

How does this affect Microsoft Dynamics GP?

Previous versions of Microsoft Dynamics GP require these earlier TLS versions to be enabled. Microsoft Dynamics GP 18.3 (and future releases) is now fully compatible with TLS 1.2, so TLS 1.0 and 1.1 can be disabled without affecting your GP systems. 

If you are not in a position to upgrade your Microsoft Dynamics GP solution, you can still keep the older protocols enabled in order to keep your Dynamics GP systems running. Note, however, that keeping them enabled may increasingly have security and process implications. 

What is the issue?

The TLS 1.0 and TLS 1.1 security protocols are being deprecated from server, browser, and online services. 

Certain regulatory compliance regimes, including Payment Card Industry (PCI) compliance, now prohibit the use of TLS 1.0 in PCI-compliant environments. 

Who is affected?

Microsoft Dynamics GP clients who want to disable the older insecure protocols of TLS 1.0 and 1.1 on their server. 

Microsoft Dynamics GP clients who have communication processes which interact with services that will stop accepting TLS 1.0 and 1.1 communications. 

What is the fix?

Upgrade to the latest Microsoft Dynamics GP release, build 18.3x or above, which is fully compliant with TLS 1.2 and can operate with the older protocols disabled. 

What are the workarounds?

TLS 1.0 and 1.1 cannot be disabled on servers hosting older versions of Microsoft Dynamics GP. The following GP services are examples that will be directly affected if TLS 1.0 is disabled:

  • E-mailing within Microsoft Dynamics GP when using both the Exchange Server Type and the SMTP e-mail that is used for the Workflow feature within Microsoft Dynamics GP. 
  • The Microsoft Dynamics GP Web Client. 
  • Web Services for Microsoft Dynamics GP. 

Please note: the GP Data source drivers (ODBC) might require updating to communicate with SQL using TLS 1.2. 
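
A read-only check of the operating-system TLS settings discussed above, as an added example that is not from the original article or from Microsoft. It reads the Windows Schannel protocol registry keys and reports whether TLS 1.0, 1.1 and 1.2 are explicitly enabled, explicitly disabled, or left to the operating system default. The Finding column is this example's own labelling.

```powershell
# Added example: read-only audit of the Schannel protocol settings.
# It changes nothing; it only reports what the registry currently says.
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'
$roles     = 'Server', 'Client'   # inbound and outbound connections are configured separately

$report = foreach ($protocol in $protocols) {
    foreach ($role in $roles) {
        $key = Join-Path (Join-Path $base $protocol) $role
        $enabled = $null
        $disabledByDefault = $null

        if (Test-Path -LiteralPath $key) {
            $props = Get-ItemProperty -LiteralPath $key
            # Either value may be absent even when the key itself exists.
            if ($props.PSObject.Properties['Enabled']) {
                $enabled = $props.Enabled
            }
            if ($props.PSObject.Properties['DisabledByDefault']) {
                $disabledByDefault = $props.DisabledByDefault
            }
        }

        # No explicit value means the operating system default applies,
        # which differs between Windows versions, so it is reported as such.
        if ($null -eq $enabled) { $state = 'Not set (OS default)' }
        elseif ($enabled -eq 0) { $state = 'Disabled' }
        else                    { $state = 'Enabled' }

        # Labelling used by this example only: old protocols that are not
        # explicitly disabled, or TLS 1.2 explicitly disabled, need a look.
        $isOld = $protocol -in 'TLS 1.0', 'TLS 1.1'
        if ($isOld -and $state -ne 'Disabled')         { $finding = 'Review' }
        elseif (-not $isOld -and $state -eq 'Disabled') { $finding = 'Review' }
        else                                            { $finding = 'OK' }

        [pscustomobject]@{
            Protocol          = $protocol
            Role              = $role
            State             = $state
            DisabledByDefault = $disabledByDefault
            Finding           = $finding
        }
    }
}

$report | Format-Table -AutoSize
```

On a server hosting a version of Dynamics GP older than 18.3, a Review finding for TLS 1.0 or 1.1 is expected, since those versions need the older protocols to stay enabled.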

What does this mean for my Dynamics GP solution?

Currently there is no firm date for when TLS 1.0 and 1.1 will be completely disabled. However, the industry is moving away from these communication standards quickly and you should act as soon as possible to update your systems to be compatible with the latest security standards. 

Any organisation that wants to be secure and compliant with current payment processing standards should disable old security protocols and only use TLS 1.2 or above. If your Dynamics system is not yet fully compliant with TLS 1.2, you should start thinking about upgrading your Microsoft Dynamics GP solution.


If you have any questions, or would like more information on this, you can speak with your Inside Account Manager.