Jump to: navigation, search

TLS Protocol Support

If you deal with sensitive data, a top priority for you is conforming to the PCI DSS-compliance standards to safeguard your customers and protect your brand is a top priority. 30 June, 2018 was the deadline to disable SSL/early TLS and implement a more secure encryption protocol – TLS 1.1 or higher (TLS v1.2 is strongly encouraged) in order to meet the PCI Data Security Standard (PCI DSS). It is possible for a customer to use the Genesys suite of products in a manner that complies with the security-related business standards such as PCI DSS. However, Genesys products are only tools for the customer to use and the products do not ensure or enforce compliance with these standards. It is solely the customer's responsibility to ensure that the use of the Genesys suite of products complies with these business standards. Genesys recommends that the customer take steps for ensuring compliance with these business standards and other applicable local security requirements as well. PCI compliance requires several other measures by enterprises. This page provides general information relevant to Genesys products' support for TLS 1.2.

Product Product Connections TLS 1.2 Support Release # Compatible with SHA2 certificates
Sec-Protocol Option Support
Conditions
Intelligent Automation Universal Contact Server 8.5.100.19
Chat Server 8.5.107.11
Interaction Server 8.5.109.01
Configuration Server 8.5.100.22
Management Framework Configuration Server 8.5.100.22 Yes Yes
Message Server 8.5.100.13 Yes
SCS 8.5.100.17 Yes
Local Control Agent 8.5.100.20 Yes
CS Proxy 8.5.100.22 Yes
DB Server 8.1.300.06 Yes
Universal Contact Server


8.5.300.01
Yes
Yes


Configuration Server 8.5.100.22
Yes


Message Server 8.5.100.13
Yes


Chat Server 8.5.107.11
Yes


Interaction Server 8.5.109.01
Yes


Email Server 8.5.104.06
Yes


Local Control Agent 8.5.100.20
Yes


Social Media Server 8.5.400.03
Yes


Email Server


8.5.104.06
Yes
Yes


Configuration Server 8.5.100.22
Yes


Message Server 8.5.100.13
Yes


Interaction Server 8.5.109.01
Yes


Universal Contact Server 8.5.100.19
Yes


Social Media Server
. 8.5.400.03
Yes
Yes


Configuration Server 8.5.100.22
Yes


Message Server 8.5.100.13
Yes


Universal Contact Server 8.5.100.19
Yes


Interaction Server 8.5.109.01
Yes


Universal Contact Server Proxy


8.5.100.04
Yes
Yes


Universal Contact Server 8.5.100.19
Yes


Configuration Server 8.5.100.22
Yes


Message Server 8.5.100.13
Yes


T-Server for Avaya Communication Manager


8.1.010.30
Yes
Yes


Configuration Server 8.5.100.22
Yes



Message Server 8.5.100.13
Yes



Outbound Contact Server


8.1.508.02
Yes
Yes
v.8.1.508.01+


Message Server 8.5.100.13
Yes


Configuration Server 8.5.100.22
Yes


SIP Server 8.1.102.58
Yes


Avaya T-Server 8.1.010.30
Yes


Interaction Server 8.5.109.01
Yes


DB Server 8.1.300.06
Yes


Stat Server 8.5.102.00
Yes


Orchestration Server


8.1.400.58
Yes
Yes


Message Server 8.5.100.13
Yes


Configuration Server 8.5.100.22
Yes


Universal Routing Server 8.1.400.22
Yes


Stat Server 8.5.107.00
Yes


SIP Server 8.1.102.58
Yes


Interaction Server 8.5.109.01
Yes


Interaction Concentrator


8.1.514.03
Yes
Yes


Configuration Server 8.5.100.22
Yes


Message Server 8.5.100.13
Yes


DB Server 8.1.301.03
Yes


SIP Server 8.1.102.58
Yes


Outbound Contact Server 8.1.508.00
Yes


Interaction Server 8.5.109.01
Yes


Classification Server


8.5.300.01
Yes
Yes


Configuration Server 8.5.100.22
Yes


Configuration Server Proxy 8.5.100.22



Message Server 8.5.100.13
Yes


Universal Contact Server 8.5.100.19
Yes


Local Control Agent 8.5.100.20
Yes


Interaction Server


8.5.110.01


Yes
Interaction Server was verified on: Linux 64 and Windows 2008R
Client to:


Configuration Server 8.5.100.22
Yes
Yes


Configuration Server Proxy 8.5.100.22
Yes


Message Server 8.5.100.13
Yes


Local Control Agent 8.5.100.20
Yes


Universal Contact Server 8.5.100.19
Yes


DB Server 8.1.301.03
Yes


Chat Server 8.5.107.11
Yes


Social Media Server 8.5.400.03
Yes


Classification Server 8.5.300.01
Yes


Email Server 8.5.104.06
Yes


Server to:


Interaction Proxy 8.5.110.01
Yes
Yes


Orchestration Server 8.1.400.58
Yes


Interaction Concentrator 8.1.514.03
Yes


Universal Routing Server 8.1.400.22
Yes


Outbound Contact Server 8.1.508.00
Yes


Stat Server 8.5.107.03
Yes


Email Server 8.5.104.06
Yes


Social Media Server 8.5.400.03
Yes


Chat Server 8.5.107.11
Yes


Chat Server


8.5.109.05




Configuration Server 8.5.100.22
Yes
Yes


Message Server 8.5.100.13
Yes


Interaction Server 8.5.110.01
Yes


Universal Contact Server 8.5.200.19
Yes


Cassandra 2.28
Yes


Digital Messaging Server with WeChat driver


9.000.03
Yes
Yes
Digital Messaging Server supports only one port "default" with Listening Mode = secured
Client to:


Configuration Server 8.5.100.22
Yes
Yes


Solution Control Server 8.5.100.17
Yes


Message Server 8.5.100.13
Yes


Universal Contact Server 8.5.200.19
Yes


Interaction Server 8.5.110.01
Yes


Chat Server 8.5.109.05
Yes


Server to:


Interaction Server 8.5.110.01
Yes
Yes


Interaction Server Proxy


8.5.110.01
Yes
Yes


Configuration Server 8.5.100.22
Yes


Message Server 8.5.100.13
Yes


Interaction Server 8.5.110.01
Yes


Web Services and Applications


8.5.201.85
Yes
No
  • Simple TLS ONLY.
  • Mutual TLS is not supported.
  • Configuration Server Auto-detect port is not supported, must use ‘secured’.
  • FIPS compliant.
  • Connection to MS is not supported.
  • ‘Client-side’ option is NOT supported
  • TLS 1.2 supported on all connections:
  • add “-Djdk.tls.client.protocols=TLSv1.2” into command line or into JAVA_OPTIONS of “/etc/default/gws” for CentOS6 or “/usr/lib/systemd/system/gws.service“ for CentOS7

GWS CA Trusted certificate must be configured in application.yaml file only: (GWS do not read configuration from CME)

  • serverSettings:
    • caCertificate: /usr/local/genesys/cacert/ca_cert.pem




onPremiseSettings: <br />cmeHost: fmk<br />cmePort: 2021<br />tlsEnabled: true


Configuration Server 8.5.101.08
Yes
Interaction Server 8.5.107.11
Yes
Universal Contact Server 8.5.200.10
Yes
Chat Server 8.5.109.06
Yes
SIP Server 8.1.102.58
Yes
Genesys Mobile Engagement


8.5.107.19




Configuration Server 8.5.100.22


Message Server 8.5.100.13


Statistics Server 8.5.102.22


Cassandra 2.28 TLS for GMS+Cassandra is not supported.
Chat Server 8.5.105.05 Chat v2: TLS between GSG/GMS and Chat Server in trust server mode (do not check the certificate). Chat v1: for TLS management, add the following option in chat section: chat_ssl_trust_all=true
Universal Contact Server 8.5.200.10 TLS between GSG/GMS and Universal Contact Server in trust server mode (do not check the certificate).
Email Server 8.5.104.06 You can set up an HTTPS connection (even in the GMS Connection tab). Note: GMS uses HTTPClientFactory, and a TLS option can be set (section gms, option http.ssl_trust_all, value=false, true).
Orchestration Server 8.1.400.53 You can set up an HTTPS connection (even in the GMS Connection tab). Note: GMS uses HTTPClientFactory, and a TLS option can be set ((section gms, option http.ssl_trust_all, value=false, true).
Web API Server


You can set up an HTTPS connection. Not configured at startup (that is, not in the GMS Connection tab). Note: GMS uses HTTPClientFactory, and a TLS option can be set (section gms, option http.ssl_trust_all, value=false, true).
Solution Control Server 8.5.100.17


Universal Routing Server 8.1.400.22 You can set up an HTTPS connection. Not configured at startup (that is, not in the GMS Connection tab). Note: GMS uses HTTPClientFactory, and a TLS option can be set (section gms, option http.ssl_trust_all, value=false, true).
Co-browse


8.5.000
Yes
Yes


Configuration Server 8.5.100.22
Yes


Message Server 8.5.100.13
Yes


External Cassandra 8.5.100
Yes


Workforce Management



Yes



WFM Server 8.5.207.09
Yes
Yes


WFM Builder 8.5.207.05
Yes
Yes


WFM Demon 8.5.207.01
Yes
Yes


WFM Web 8.1.301.02
Yes
Yes


WFM Aggregator 8.5.203.00
Yes
Yes


WFM DB Server 8.1.301.02
Yes



Voice Platform Resource Manager


8.5.175.95




SIP Server 8.1.102.58
Yes
Yes


Media Control Platform 8.5.176.05
Yes
Yes


CTI Connector 9.0.010.07
Yes
Yes


Reporting Server 8.5.181.77


No


RM Internode Not Applicable
No
No


Configuration Server 8.5.100.22
Yes
Yes


Local Control Agent Not Applicable Not Applicable Not Applicable


Message Server 8.5.100.13


No


Voice Platform Media Control Platform


8.5.176.05




Resource Manager 8.5.175.95
Yes
Yes


Reporting Server 8.5.181.77


No


Configuration Server 8.5.100.22
Yes
Yes


Local Control Agent Not Applicable Not Applicable Not Applicable


Message Server 8.5.100.13


No


HTTPS (Client) 8.5.176.05
Yes
Yes


ASR/TTS (MRCP v2 Nuance) 8.5.176.05
Yes
Yes


ASR/TTS(MRCP v1 Nuance/MRCPP) Not Applicable Not Applicable Not Applicable


Voice Platform MRCP Proxy


8.5.184.42




Reporting Server 8.5.181.77


No


Configuration Server 8.5.100.22
Yes
Yes


Local Control Agent Not Applicable Not Applicable Not Applicable


Message Server 8.5.100.13


No


MRCP ASR/TTS Not Applicable
No
No


MRCP Client Not Applicable
No
No


Voice Platform UCMConnector

(T-Server-CUCM to Media Server Connector)


8.5.184.06




Resource Manager 8.5.175.95


Yes


T-Server Not Applicable
No
No


Configuration Server 8.5.100.22
Yes
Yes


Message Server 8.5.100.13




Local Control Agent Not Applicable Not Applicable Not Applicable


Voice Platform Policy Server Configuration Server
No
Yes



HTTPS
No
Yes



Genesys Administrator UI
No
Yes



Message Server
No
Yes



Local Control Agent Not Applicable Not Applicable Not Applicable


Voice Platform CTIConnector






IVR Server 9.0.010.07
Yes
Yes


Cisco UCM Not Applicable
No



Configuration Server 9.0.010.07
Yes
Yes


Resource Manager 9.0.010.07
Yes
Yes


Message Server 9.0.010.07
Yes
Yes


Voice Platform Reporting Server






Configuration Server 9.0.010.62



Java level TLS protocol option support
Database 9.0.010.62



Oracle database - Oracle 12c RAC -Mutual TLS

SQL Server 2012 - Simple TLS

HTTPS 9.0.010.62



Java level TLS protocol option support
RC (Active MQ) 9.0.010.62




Message Server 9.0.010.62



Java level TLS protocol option support
WD Manager

9.0.004.07

Configuration Server 8.1.300.24



Message Server 8.5.100.03



iWD HistoryNode 9.0.004.07



IS 8.5.105.04



Universal Contact Server 8.5.300.09



iWD HistoryNode

9.0.004.07

Configuration Server 8.1.300.24



Message Server 8.5.100.03



JMSQ



iWD RuntimeNode

9.0.004.07

Configuration Server 8.1.300.24



Message Server 8.5.100.03



iWD HistoryNode 9.0.004.07



iWD Web

9.0.004.01

Configuration Server 8.1.300.24



Message Server 8.5.100.03



IS 8.5.105.04



iWD Web CapturePoint 9.0.003.07



Browser iWD Web 9.0.004.01



iWD Manager 9.0.004.07



iWD GAX Plugin iWD RuntimeNode 9.0.004.07



LDS TProxy2

8.1.1005.02


Configuration Server 8.5.100.25 Yes Yes
Message Server 8.5.100.11 Yes Yes
SIP Server 8.1.101.79 Yes Yes
LDS TProxy2

8.1.005.02

LDS TProxy1 8.1.005.02 Yes Yes
LDS TProxy1 bkp 8.1.100.02 Yes Yes
Configuration Server 8.5.100.25 Yes Yes
Message Server 8.5.100.11 Yes Yes
Universal Routing Server

8.1.400.28

LDS TProxy2 8.10.005.02 Yes Yes
LDS TProxy1 bkp Configuration Server 8.5.100.25 Yes Yes
Message Server 8.5.100.11 Yes Yes
SIP Server 8.1.101.79 Yes Yes
GAX 8.5.290.09 Yes Yes For HTTPS add ‘setIncludeProtocols= TLS1.2’ in gax.properties.

For connections to other servers, if using Java 7.

set -Djdk.tls.client.protocols=TLSv1.2.

For Java 8 this is not needed as TLS1.2 is the default.

Configuration Server 8.5.101.16 Yes Yes
SCS 8.5.100.26 Yes Yes
MS-SQL Database SQLServer 2014, SQLServer 2016, SQLServer 2012 Yes Yes
Platform SDK Platform SDK for Java 8.5.x, 9.0 8.5.102.03 Yes Yes  
Platform SDK for .NET 8.5.x, 9.0 8.5.102.3 Yes Yes  
SIP Server
8.102.25
Configuration Server 8.5.100.22 Yes Yes  
SIP Proxy
8.1.100.57
Message Server 8.5.100.13 Yes Yes  
T-Server for Avaya TSAPI
8.1.010.12 Yes Yes



Message Server 8.5.100.20 Yes Yes  
SIP Server 8.5.100.22 Yes Yes  
Universal Routing Server 8.1.400.52 Yes Yes  
T-Server for Cisco Unified Communications Manager   8.1.202.34 Yes Yes  
Configuration Server 8.5.100.25 Yes Yes  
Message Server 8.5.100.11 Yes Yes  
SIP Server 8.5.104.22 Yes Yes  
Universal Routing Server 8.1.400.28 Yes Yes  
           

Feedback

Comment on this article:

blog comments powered by Disqus
This page was last modified on October 31, 2018, at 07:27.