Friday, January 26, 2018

Microsoft Dynamics GP and TLS 1.0

It is not too often that you will hear me say anything negative about my beloved Microsoft Dynamics GP, but it is quite disheartening, to say the least, to see Microsoft not addressing the industry's move away from TLS 1.0 as it relates to Dynamics GP.

Background

The TLS (Transport Layer Security) protocol provides privacy and data integrity between applications exchanging data. TLS ensures that the connection is private, because it uses symmetric keys to encrypt the data between the parties; the identity of the communicating parties can be authenticated using public-key cryptography; and the connection provides message integrity, because each message is checked with a message authentication code.

As you would expect, TLS 1.0, 1.1, 1.2, 1.3 (draft), etc., are simply progressive versions of the same protocol, albeit with substantial differences that in some cases preclude interoperability between versions. What is key to this discussion, however, is the age of each. For example, TLS 1.0 has been around since 1999, so suffice it to say, that's extremely Mesozoic in technology years.

Acknowledging the security risks faced by companies and business applications still relying on TLS 1.0, the PCI Council voted to end support for TLS 1.0 as of June 30, 2016. However, on December 15, 2015, they backtracked and extended the deadline to June 30, 2018.

You can read the full details in this PCI Council blog article:

Date Change for Migrating from SSL and Early TLS

Microsoft Dynamics GP

At this point, it's safe to assume you see the impact this has on Microsoft Dynamics GP, but I will summarize the list of applications that are currently impacted by this:

  • Web Services for Microsoft Dynamics GP
  • Business Portal for Microsoft Dynamics GP (it relies on Web Services)
  • Web Client (both Silverlight and HTML5 clients)
  • Service Based Architecture

Edit: If you disable TLS 1.0 in IIS, for example, none of the above services will be able to authenticate and communicate with Microsoft Dynamics GP.

This problem even affects the newly minted GP 2018.
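
A read-only way to see whether TLS 1.0 has already been switched off on the server hosting these components, as an added example that is not part of the original post. It reads the Windows Schannel protocol override keys (the settings IIS honors) and changes nothing; it assumes it is run locally on the IIS host, and a missing key means the Windows version's built-in default applies.

```powershell
# Added example: report Schannel protocol overrides on this host (read-only).
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'
$roles     = 'Server', 'Client'   # Server = inbound (IIS), Client = outbound calls

$report = foreach ($p in $protocols) {
    foreach ($r in $roles) {
        $key     = Join-Path (Join-Path $base $p) $r
        $enabled = $null
        $dbd     = $null

        if (Test-Path -LiteralPath $key) {
            $props   = Get-ItemProperty -LiteralPath $key
            $enabled = $props.Enabled            # 0 = protocol turned off
            $dbd     = $props.DisabledByDefault  # 1 = not offered unless requested
        }

        # Describe only what the registry states; absent values fall back to the OS default.
        $state = if ($null -eq $enabled -and $null -eq $dbd) { 'OS default (no override)' }
                 elseif ($enabled -eq 0)                      { 'Disabled' }
                 elseif ($dbd -eq 1)                          { 'DisabledByDefault set' }
                 else                                         { 'Enabled' }

        [pscustomobject]@{
            Protocol          = $p
            Role              = $r
            Enabled           = $enabled
            DisabledByDefault = $dbd
            State             = $state
        }
    }
}

$report | Format-Table -AutoSize

# Tie the result back to the components listed in this post.
$tls10 = $report | Where-Object { $_.Protocol -eq 'TLS 1.0' -and $_.Role -eq 'Server' }
if ($tls10.State -eq 'Disabled') {
    Write-Warning 'TLS 1.0 (Server) is disabled: per this post, GP Web Services, Business Portal, Web Client and Service Based Architecture will not be able to authenticate.'
} else {
    Write-Output "TLS 1.0 (Server) state: $($tls10.State). The host still accepts TLS 1.0 unless another control blocks it."
}
```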


Until next post,

MG.-
Mariano Gomez, MVP