Jump to: navigation, search

TLS Feature Support Matrix

Genesys is continually updating TLS implementations to keep up with latest revisions and best practice recommendations while enabling configurability to maintain a high degree of backward compatibility and allow customers to tune the protocol to their own security preferences. The below table outlines for specific interconnections between Genesys products, compatibility with some key considerations around the TLS protocol.

How to read this table:

  • Product (acting as client): This indicates for a given connection the product which is connecting to another Genesys product (the client).
  • Product connections (acting as server): This indicates to which product is being connected (the server).

Thus, each line defines a unique connection between two Genesys products.

The remaining columns indicate current support levels for attributes of this connection as indicated below:

  • TLS 1.2 Support Release #: This column indicates the minimum version of the server-side component necessary to support version 1.2 of the TLS protocol.
  • sec-protocol option support: TLS relies on a handshake (mutual agreement) between client and server to select protocol version to use. This column indicates whether this product can be configured, for this connection, using option sec-protocol to control which protocol versions may be offered in handshaking process. See Advanced TLS for more details.
  • Mutual TLS Support: This column indicates whether in addition to server offering certificate to the client in the connection, the client may also offer certificate to the server (mutual certificate exchange). See Securing Connections using TLS for an example of configuring a connection for mutual certificate exchange.
  • Host configuration to Message Server: Typically, TLS settings can be configured explicitly for each connection, or for convenience at application or host level. However, in earlier implementations connections to Message Server would not leverage TLS settings unless configured at the explicit connection. This column indicates whether when product connects to Message Server whether Host level configuration can be used.
  • FIPS 140-2: This column indicates whether there is optional configuration that leverages a FIPS 140-2 validated cryptographic module for this product’s side of connection. See Federal Information Processing Standards for more details.
  • Compatible with SHA-2 certificates: This column indicates if server certificate can be SHA-2 signed. SHA-2 is preferred over earlier signing algorithms such as MD5 or SHA1.
  • Refer to Security Pack 8.5.100.25 for information on OpenSSL version 1.1.1g, TLS 1.3, and SAN certificate.
Product (acting as client) Product Connections (acting as server) TLS 1.2 Support Release # sec-protocol option support Mutual TLS Support Host configuration to Message Server FIPS 140-2 Compatible with SHA-2 certificates Comments
T-Server for Skype for Business 9.0.000.06 Configuration Server 8.5.101.18 Yes Yes
Message Server 8.5.100.25 Yes Yes
Stat Server 8.5.112.05 Yes Yes
SIP Server 8.1.102.73 Yes Yes
Orchestration Server 8.1.400.86 Yes Yes
Universal Routing Server 8.1.400.52 Yes Yes
SkFB_Connector 9.0.000.06 Yes Yes
SkFB_TServer_backup 9.0.000.06 Yes Yes
Connector for Skype for Business Configuration Server 8.5.101.18 Yes Yes
Message Server 8.5.100.25 Yes Yes
Microsoft Skype for Business 2015 Yes Yes Connection to Microsoft Skype for Business 2015 is entirely controlled by Microsoft libraries and has not been tested in house.
Intelligent Automation 9.0 Universal Contact Server 8.5.100.19 NA
Chat Server 8.5.107.11 NA
Interaction Server 8.5.109.01 NA
Configuration Server 8.5.100.22 NA
Intelligent Automation 3.3.0 Universal Contact Server 8.5.300.05 NA
Product (acting as client) Product Connections (acting as server) TLS 1.2 Support Release # sec-protocol option support Mutual TLS Support Host configuration to Message Server FIPS 140-2 Compatible with SHA-2 certificates Comments
Management Framework 8.5+ – all components Configuration Server 8.5.100.22 NA NA NA NA NA
Message Server 8.5.100.13 Yes Yes Yes Yes Yes
Solution Control Server 8.5.100.17 NA NA NA NA NA
Local Control Agent 8.5.100.20 NA NA NA NA NA
Configuration Server Proxy 8.5.100.22 NA NA NA NA NA
DB Server 8.1.300.06 NA NA NA NA NA
Universal Contact Server 8.5.100.19+ Configuration Server 8.5.100.22 Yes Yes NA Yes TLSv1.2 support comes from Java. Use -D jdk.tls.client.protocols and jdk.tls.disabledAlgorithms options to enable. Starting with 8.5.3, PEM private key format is supported.
Message Server 8.5.100.13 Yes Yes Yes Yes
Chat Server 8.5.107.11 Yes Yes NA Yes
Interaction Server 8.5.109.01 Yes Yes NA Yes
Email Server 8.5.104.06 Yes Yes NA Yes
Local Control Agent 8.5.100.20 Yes Yes NA Yes
Social Media Server 8.5.400.03 Yes Yes NA Yes
Email Server 8.5.104.08+ Configuration Server 8.5.100.22 Yes Yes NA Yes
Message Server 8.5.100.13 Yes Yes Yes Yes
Interaction Server 8.5.109.01 Yes Yes NA Yes
Universal Contact Server 8.5.100.19 Yes Yes NA Yes
Social Media Server 8.5.400.03+ Configuration Server 8.5.100.22 Yes Yes NA Yes
Message Server 8.5.100.13 Yes Yes Yes Yes
Universal Contact Server 8.5.100.19 Yes Yes NA Yes
Interaction Server 8.5.109.01 Yes Yes NA Yes
Universal Contact Server Proxy 8.5.100.04+ Universal Contact Server 8.5.100.19 Yes Yes NA Yes Yes
Configuration Server 8.5.100.22 Yes Yes NA Yes Yes
Message Server 8.5.100.13 Yes Yes Yes Yes Yes
Product (acting as client) Product Connections (acting as server) TLS 1.2 Support Release # sec-protocol option support Mutual TLS Support Host configuration to Message Server FIPS 140-2 Compatible with SHA-2 certificates Comments
TServer for Avaya Communication Manager 8.1.010.30+ Configuration Server 8.5.100.22 Yes Yes NA Yes Yes
Message Server 8.5.100.13 Yes Yes Yes Yes Yes
ISCC 8.1.010.30 Yes Yes NA Yes Yes
Outbound Contact Server 8.1.508.06+ Message Server 8.5.100.13 Yes Yes Yes Yes Yes
Configuration Server 8.5.100.22 Yes Yes NA Yes Yes
SIP 8.1.102.58 Yes Yes NA Yes Yes
TServer for Avaya 8.1.010.30 Yes Yes NA Yes Yes
Interaction Server 8.5.109.01 Yes Yes NA Yes Yes
DB Server 8.1.300.06 Yes Yes NA Yes Yes
Real Time Metrics Engine (Stats Server) 8.5.102.00 Yes Yes NA Yes Yes
Orchestration Server 8.1.400.82+ Message Server 8.5.100.13 Yes Yes Yes Yes Yes
Configuration Server 8.5.100.22 Yes Yes NA Yes Yes
Universal Routing Server 8.1.400.22 Yes Yes NA Yes Yes
Real Time Metrics Engine (stats Server) 8.5.107.00 Yes Yes NA Yes Yes
SIP 8.1.102.58 Yes Yes NA Yes Yes
Interaction Server 8.5.109.01 Yes Yes NA Yes Yes
Interaction Concentrator 8.1.514.09+ Configuration Server 8.5.100.22 Yes Yes NA Yes Yes
Message Server 8.5.100.13 Yes Yes Yes Yes Yes
DB Server 8.1.301.03 Yes Yes NA Yes Yes
SIP 8.1.102.58 Yes Yes NA Yes Yes
Outbound Contact Server 8.1.508.00 Yes Yes NA Yes Yes
Interaction Server 8.5.109.01 Yes Yes NA Yes Yes
Classification Server 8.5.300.01+ Configuration Server 8.5.100.22 Yes Yes NA Yes
Configuration Server Proxy 8.5.100.22 Yes Yes NA
Message Server 8.5.100.13 Yes Yes Yes Yes
Universal Contact Server 8.5.100.19 Yes Yes NA Yes
Interaction Server 8.5.110.01+ Configuration Server 8.5.100.22 Yes Yes NA Yes Yes
Configuration Server Proxy 8.5.100.22 Yes Yes NA Yes Yes
Message Server 8.5.100.13 Yes Yes Yes Yes Yes
Universal Contact Server 8.5.100.19 Yes Yes NA Yes Yes
DB Server 8.1.301.03 Yes Yes NA Yes Yes
Chat Server 8.5.107.11 Yes Yes NA Yes Yes
Social Media Server 8.5.400.03 Yes Yes NA Yes Yes
Classification Server 8.5.300.01 Yes Yes NA Yes Yes
Email Server 8.5.104.06 Yes Yes NA Yes Yes
(Server Port) From supporting clients Yes Yes NA Yes Yes
Chat Server 8.5.109.05+ Configuration Server 8.5.100.22 Yes Yes NA Yes Yes
Message Server 8.5.100.13 Yes Yes Yes Yes Yes
Interaction Server 8.5.110.01 Yes Yes NA Yes Yes
Universal Contact Server 8.5.200.19 Yes Yes NA Yes Yes
Cassandra Database 2.28 Yes Yes NA Yes
Digital Messaging Server (with WeChat Driver) 9.000.03+ Configuration Server 8.5.100.22 Yes NA Yes Yes Yes
Solution Control Serer 8.5.100.17 Yes NA Yes Yes Yes
Message Server 8.5.100.13 Yes Yes Yes Yes Yes
Universal Contact Server 8.5.200.19 Yes NA Yes Yes Yes
Interaction Server 8.5.110.01 Yes NA Yes Yes Yes
Chat Server 8.5.109.05 Yes NA Yes Yes Yes
(Server Port) From supporting clients Yes NA Yes Yes Yes Digital Messaging Server supports only one port "default" with Listening Mode = secured.
Interaction Server Proxy 8.5.110.01+ Configuration Server 8.5.100.22 Yes NA Yes Yes Yes
Message Server 8.5.100.13 Yes Yes Yes Yes Yes
Interaction Server 8.5.110.01 Yes NA Yes Yes Yes
GWS (Web Services and Applications) 8.5.201.85+ Configuration Server 8.5.101.08 NA Yes Yes
  • Cannot connect to a Configuration Server ‘auto-detect’ port. Must connect to a ‘secured’ port.
  • TLS not supported for connection to Message Server.
  • GWS CA Trusted certificate must be configured in application.yaml file only: GWS does not read configuration from Configuration Management Environment.
  • For TLSv1.2 use command line option -Djdk.tls.client.protocols=TLSv1.2 or into JAVA_OPTIONS of /etc/default/gws for CentOS6 or /usr/lib/systemd/system/gws.service for CentOS7.

Example configuration:

serverSettings:
caCertificate:/usr/local/genesys/cacert/ca_cert.pem

onPremiseSettings:
cmeHost: fmk
cmePort: 2021
tlsEnabled: true

Interaction Server 8.5.107.11 NA Yes Yes
Universal Contact Server 8.5.200.10 NA Yes Yes
Chat Server 8.5.109.06 NA Yes Yes
SIP 8.1.102.58 NA Yes Yes
Product (acting as client) Product Connections (acting as server) TLS 1.2 Support Release # sec-protocol option support Mutual TLS Support Host configuration to Message Server FIPS 140-2 Compatible with SHA-2 certificates Comments
Mobile Engagement 8.5.107.19+ Configuration Server 8.5.100.22 NA
Message Server 8.5.100.13 Yes
Real Time Metrics Engine (Stats Server) 8.5.102.22 NA
Cassandra Database NA TLS is supported between Cassandra nodes and on JMX port of Cassandra. TLS is not supported from GMS to Cassandra DB.
Chat Server 8. 5.105.05 NA TLS between GSG/GMS and Chat Server in trust server mode (encryption only, no certificate checks). For Chat version 1, add the following option in chat section: chat_ssl_trust_all=true
Universal Contact Server 8.5.200.10 NA TLS between GSG/GMS and Chat Server in trust server mode (encryption only, no certificate checks).
Email Server 8.5.104.06 NA You can set up an HTTPS connection (even in the GMS Connection tab).

Note: GMS uses HTTPClientFactory, and a TLS option can be set (section gms, option http.ssl_trust_all, value=false, true).

Orchestration Server 8.1.400.53 NA You can set up an HTTPS connection (even in the GMS Connection tab).

Note: GMS uses HTTPClientFactory, and a TLS option can be set (section gms, option http.ssl_trust_all, value=false, true).

Solution Control Server 8.5.100.17 NA
Universal Routing Server 8.1.400.22 NA You can set up an HTTPS connection (even in the GMS Connection tab).

Note: GMS uses HTTPClientFactory, and a TLS option can be set (section gms, option http.ssl_trust_all, value=false, true).

Co-Browse 8.5.101+ Configuration Server 8.5.100.22 Yes NA Yes
Message Server 8.5.100.13 Yes Yes Yes
Cassandra Database Yes NA Yes
Product (acting as client) Product Connections (acting as server) TLS 1.2 Support Release # sec-protocol option support Mutual TLS Support Host configuration to Message Server FIPS 140-2 Compatible with SHA-2 certificates Comments
Workforce Management Server 8.5.207.09+ To other supporting servers Yes Yes
Workforce Management Builder 8.5.207.05+ To other supporting servers Yes
Workforce Management Daemon 8.5.207.01+ Configuration Server 8.5.101.16 Yes NA Yes
Message Server 8.5.100.13 Yes Yes
Workforce Management Web 8.1.301.02+ Configuration Server 8.5.101.16 Yes NA Yes
Message Server 8.5.100.13 Yes Yes
Workforce Management Aggregator 8.5.203.00+ To other supporting servers Yes
Workforce Management DB Server 8.1.301.02+ To other supporting servers Yes
Genesys Administrator Extensions 8.5.290.09+ (Server Port) From supporting clients Yes NA Yes Add setIncludeProtocols=TLS1.2 in gax.properties.
Configuration Server 8.5.101.16 Yes Yes NA Yes For TLSv1.2 with Java 7, set

-Djdk.tls.client.protocols=TLSv1.2 (not required for Java 8).

Solution Control Server 8.5.100.26 Yes Yes NA Yes For TLSv1.2 with Java 7, set

-Djdk.tls.client.protocols=TLSv1.2 (not required for Java 8).

MSSQL DB MSSQL:SQLServer2014, SQLServer2016, SQLServer2012 Yes NA Yes For TLSv1.2 with Java 7, set

-Djdk.tls.client.protocols=TLSv1.2 (not required for Java 8).

Product (acting as client) Product Connections (acting as server) TLS 1.2 Support Release # sec-protocol option support Mutual TLS Support Host configuration to Message Server FIPS 140-2 Compatible with SHA-2 certificates Comments
Workspace Desktop Edition

8.5.105.12+

Universal Contact Server 8.5.300.09 Yes Yes

8.5.148.04+

NA Yes Through PSDK.NET 9:ESP Protocol

TLS 1.2: 8.5.115.17+

Configuration Server 8.5.100.22 Yes Yes

8.5.148.04+

NA Yes Through PSDK.NET Config 9

TLS 1.2: 8.5.115.17+

Interaction Server 8.5.110.10 Yes Yes

8.5.148.04+

NA Yes Through PSDK.NET OpenMedia 9

TLS 1.2: 8.5.115.17+

SIP Server 8.1.102.58 Yes Yes

8.5.148.04+

NA Yes Through PSDK.NET Voice 9

TLS 1.2: 8.5.115.17+

Chat Server 8.5.107.11 Yes Yes 8.5.148.04+ NA Yes Through PSDK.NET 9: Basic Chat Protocol

TLS 1.2: 8.5.115.17+

Real Time Metrics Engine (Stats Server) 8.5.102.22 Yes Yes

8.5.148.04+

NA Yes Through PSDK.NET 9

TLS 1.2: 8.5.115.17+

Voice Platform Resource Manager 8.5.175.95+ SIP Server 8.1.102.58 Yes Yes NA Yes
Media Control Platform 8.5.176.05 Yes Yes NA Yes
CTI Connector 9.0.010.07 Yes Yes NA Yes Yes
Reporting Server 8.5.181.77 NA
RM Internode NA
Configuration Server 8.5.100.22 NA Yes
Message Server 8.5.100.13
Voice Platform Media Control Platform 8.5.176.05+ Resource Manager 8.5.175.95 Yes Yes NA Yes
Reporting Server 8.5.181.77 NA
Configuration Server 8.5.100.22 Yes Yes NA Yes
Message Server 8.5.100.13
HTTPs (client) 8.5.176.05 Yes Yes NA Yes
ASR/TTS (MRCP v2 Nuance) 8.5.176.05 Yes Yes NA Yes
ASR/TTS (MRCP v1) NA
Nuance/MRCPP NA
Voice Platform MRCP Proxy 8.5.184.42+ Reporting Server 8.5.181.77 Yes NA
Configuration Server 8.5.100.22 Yes Yes NA Yes
Message Server 8.5.100.13
MRCP ASR/TTS NA Media Control Platform can be connected directly to MRCP resource.
MRCP Client NA
Voice Platform UCMConnector (T-Server Cisco UCM to Media Server Connector) 8.5.184.06+ Resource Manager 8.5.175.95 Yes
T-Server
Configuration Server 8.5.100.22 Yes Yes
Message Server 8.5.100.13
Voice Platform Policy Server 8.5.010.10+ Configuration Server Yes
HTTPs Yes
Genesys Administrator Yes
Message Server Yes
Voice Platform CTIConnector 9.0.010.07+ IVR Server 8.5.000.09 Yes Yes Yes Yes
Cisco ICM
Configuration Server 8.1.100.06 Yes Yes Yes Yes
Resource Manager 8.5.181.38 Yes Yes Yes Yes
Message Server 8.5.100.16 Yes Yes Yes Yes Yes
Voice Platform Reporting Server 9.0.010.62+ Configuration Server NA TLSv1.2 configured on Java.
Database Yes NA Mutual TLS with Oracle RAC 12
HTTPS Yes NA TLSv1.2 configured on Java.
RC (Active MQ) Yes NA
Message Server Yes Yes TLSv1.2 configured on Java.
SIP Feature Server 8.1.201.91+ SIP Server NA
Genesys Administrator Extensions NA
Media Control Platform Supporting version NA
Cassandra DB Supporting version Yes NA
Configuration Server NA
Phone NA
SIP Server 8.1.102.25+ Configuration Server 8.5.100.22 Yes Yes Yes Yes Yes
SIP Proxy 8.1.100.57+ Message Server 8.5.100.13 Yes Yes Yes Yes Yes
iWD Manager 9.0.004.07+ Configuration Server 8.1.300.24 Yes Yes NA Yes
Message Server 8.5.100.03 Yes Yes Yes Yes
iWD History Node 9.0.004.07 Yes Yes NA Yes
Interaction Server 8.5.105.04 Yes Yes NA Yes
Universal Contact Server 8.5.300.09 Yes Yes NA Yes
iWD History Node 9.0.004.07+ Configuration Server 8.1.300.24 Yes Yes NA Yes
JMSQ Yes Yes NA Yes
iWD Runtime Node 9.0.004.07+ Configuration Server 8.1.300.24 Yes Yes NA Yes
iWD History Node 9.0.004.07 Yes Yes NA Yes
iWD Web 9.0.004.01+ Configuration Server 8.1.300.24 Yes Yes NA Yes
Message Server 8.5.100.03 Yes Yes Yes Yes
Interaction Server 8.5.105.04 Yes Yes NA Yes
iWD Web Capture Point 9.0.003.07 Yes Yes NA Yes
Browser iWD Web 9.0.004.01 Yes Yes NA Yes
iWD Manager 9.0.004.07 Yes Yes NA Yes
iWD GAX Plugin 9.0.012.07+ iWD Runtime Node 9.0.004.07 Yes Yes NA Yes
Product (acting as client) Product Connections (acting as server) TLS 1.2 Support Release # sec-protocol option support Mutual TLS Support Host configuration to Message Server FIPS 140-2 Compatible with SHA-2 certificates Comments
Load Distribution Server 8.1.005.02+ Configuration Server 8.5.100.25 Yess Yes NA Yes Yes
Message Server 8.5.100.11 Yes Yes Yes Yes Yes
SIP 8.1.101.79 Yes Yes NA Yes Yes
Load Distribution Server 8.1.005.02 Yes Yes NA Yes Yes
Universal Routing Server 8.1.400.28+ Load Distribution Server 8.1.005.02 Yes Yes Yes Yes Yes
Interaction Server 8.5.110.01 Yes NA Yes
Platform SDK for Java 8.5.102.02+ Any supporting server Any supporting server Yes Yes Yes Yes FIPS 140-2 requires OpenJDK 8u212 b04+
Platform SDK for .NET 8.5.102.03+ Any supporting Server Any supporting Server Yes Yes Yes Yes
TServer for Avaya TSAPI v.8.1.010.12+ Configuration Server 8.5.100.18 Yes NA
Message Server 8.5.100.20 Yes Yes Yes Yes
Real Time Metrics Engine (Stats Server) 8.5.100.22 Yes Yes NA Yes
Universal Routing Server 8.1.400.52 Yes Yes NA Yes
TServer for Avaya TSAPI 8.1.010.12 Yes Yes NA Yes
TServer for Cisco UCM 8.1.202.34+ TServer for Cisco UCM 8.1.202.34 Yes Yes NA Yes
Configuration Server 8.5.100.25 Yes Yes NA Yes
Message Server 8.5.100.11 Yes Yes Yes Yes
Real Time Metrics Engine (Stats Server) 8.5.104.22 Yes Yes NA Yes
Universal Routing Server 8.1.400.28 Yes Yes NA Yes
Genesys InfoMart 8.5.011.11+ Configuration Server 8.5.100.22 Yes Yes NA Yes Yes
Message Server 8.5.100.13 Yes Yes Yes Yes Yes
Genesys Web Engagement 8.5.000.42+ Configuration Server 8.5.100.02 Yes Yes NA Yes
Message Server 8.5.000.17 Yes Yes Yes
Interaction Server 8.5.105.00 Yes Yes NA Yes
Interaction Server Proxy 8.5.109.13 Yes Yes NA Yes
Real Time Metrics Engine (Stats Server) 8.5.101.05 Yes Yes NA Yes
External Cassandra 2.2.3 Yes Yes NA Yes
Product (acting as client) Product Connections (acting as server) TLS 1.2 Support Release # sec-protocol option support Mutual TLS Support Host configuration to Message Server FIPS 140-2 Compatible with SHA-2 certificates Comments
Pulse 9.0.001.00+ Configuration Server 8.5.101.20 Yes Yes NA Yes
Message Server 8.5.100.11 Yes Yes Yes Yes
MSSQL DB SQL Server 2012 on Windows 2012 R2 and SQL Server 2017 on Linux Yes NA Yes
PostgreSQL DB PostgreSQL Server 10 on Windows 2012 R2 and PostgreSQL Server 10 on Linux Yes NA Yes
Oracle DB Oracle 12c RAC on Linux NA Yes
Pulse Collector 9.0.001.01+ Configuration Server 8.5.101.20 Yes Yes NA Yes
Message Server 8.5.100.11 Yes Yes Yes
Real Time Metrics Engine (Stats Server) 8.5.104.22 Yes Yes NA Yes
DB Server 8.1.302.02 Yes Yes NA Yes
MSSQL DB SQL Server 2012 on Windows 2012 R2 and SQL Server 2017 on Linux Yes NA Yes
PostgreSQL DB PostgreSQL Server 10 on Windows 2012 R2 and PostgreSQL Server 10 on Linux Yes NA Yes
Oracle DB Oracle 12c RAC on Linux NA Yes
Real Time Metrics Engine (Stats Server) 8.5.110.14+ Configuration Server 8.5.100.22 Yes NA Yes
Message Server 8.5.100.13 Yes Yes Yes Yes
SIP-Server 8.1.102.58 Yes Yes NA Yes
Interaction Server 8.5.201.05 Yes Yes NA Yes
DB Server 8.1.301.03 Yes Yes NA Yes
Universal Routing Server 8.1.400.56+ Configuration Server 8.5.100.22 NA
Message Server 8.5.100.13 Yes Yes Yes Yes Yes
SIP Server 8.1.102.50 Yes Yes NA Yes Yes
Orchestration Server 8.1.400.82 Yes Yes NA Yes Yes
Real Time Metrics Engine (Stats Server) 8.5.102.00 Yes Yes NA Yes Yes
IIS Web Server IIS7 NA Yes
This page was last edited on August 19, 2021, at 08:55.
Comments or questions about this documentation? Contact us for support!