Microsoft Dynamics GP and TLS 1.0

Is not too often that you will hear me saying anything negative about my beloved Microsoft Dynamics GP, but it is quite disheartening, to say the least, to see Microsoft not addressing the industry move away from TLS 1.0 as it relates to Dynamics GP.

Background

 TLS or Transport Layer Security protocol provides privacy and data integrity between applications wishing to exchange data. TLS ensures that the connection is private, because it uses symmetric keys to encrypt the data between the parties; the identity of the communicating parties can be authenticated via some public key; and the connection ensures some level of message integrity, because there's a message integrity check via a message authentication code.

As you would expect, TLS 1.0, 1.1, 1.2, 1.3 (draft), etc., are simply, progressive implementations, albeit with substantial differences that in some cases preclude interoperability between versions, of the same protocol. What is key however to this discussion is the age of each. For example, TLS 1.0 has been around since 1999, so suffice to say, that's extremely Mesozoic in technology years.

Acknowledging the security risks faced by companies and business applications still relying on TLS 1.0, the PCI Council voted to end support for TLS 1.0 as June 30, 2016. However, on December 15, 2015, they backtracked and extended the deadline to June 30, 2018.

You can read the full details in this PCI Council blog article:

Date Change for Migrating from SSL and Early TLS

Microsoft Dynamics GP

 At this point, it's safe to assume you see the impact this has on Microsoft Dynamics GP, but I will summarize the list of applications that are currently impacted by this:

  • Web Services for Microsoft Dynamics GP
  • Business Portal for Microsoft Dynamics GP (it relies on Web Services)
  • Web Client (both Silverlight and HTML5 clients)
  • Service Based Architecture

Edit: If you disable TLS 1.0 in IIS, for example, none of the above services will be able to authenticate and communicate to Microsoft Dynamics GP. 

This problem even affects the newly minted GP 2018.

See Also


Until next post,

MG.-
Mariano Gomez, MVP

Comments

Unknown said…
I was going to ask what the issue was, now seen the edit in the post. But still not much meat on this post as to what technically the root issue that needs addressing is in relation to GP.

Would be interested in what actually happens and why it fails if TLS 1.0 is revoked and what kind of thing MS need to do to address it.


thanks,
Tim
January 29, 2018 at 5:27 AM
Beat BUCHER said…
Thanks Mariano from shedding some light on a pretty obscure protocol that no one thinks about until it's suddenly gone.
A similar thing happened to me recently as on old .DLL from Microsoft that was used unchanged since 1998 suddenly got updated thru the regular channel (WSUS) and put a halt on applications that were relying on it :-(
This sounds very much like the right hand doesn't know what the left hand is doing.. they don't even talk each other!
Phil Massey posted a related concern on LinkedIn too :
https://is.gd/KBHSG9
Someone should talk to MS and raise the issue and how this is going to be fixed..
February 8, 2018 at 9:01 AM
Anonymous said…
Hello all, just wanted to chime in to point the discussion to a blog post I posted today regarding this issue. Feel free to reach out to me if you have any other questions or concerns about this.

https://community.dynamics.com/gp/b/dynamicsgp/archive/2018/02/16/dynamics-gp-and-tls-1-0

Dan P.
Microsoft Dynamics GP Support
February 16, 2018 at 4:59 PM
Mariano Gomez said…
Dan,

Thanks so much for the update. I really appreciate it and all things being fair, I will post an update pointing to your article.

Best regards,

MG.-
February 17, 2018 at 10:34 AM
Unknown said…
Has there been a fix yet? I'm currently trying to troubleshoot an issue with an older version of (GP 2013) and the only issue I'm running into is getting the desktop client to connect to the GP server. Any solutions would be helpful. Thanks.
June 21, 2018 at 5:16 PM
Post a Comment

Popular posts from this blog

DBMS: 12 Microsoft Dynamics GP: 0 error when updating to Microsoft Dynamics GP 2013 R2

Image
Hello all! It's been quite a while since I've actually written anything of remote interest to anyone who follows my blog, but at the same time, you will be pleased to know that I've been quite busy in the consulting front, with upgrades, server migrations, complex multi-instance postings involving 10's of thousands of transactions, wrapping up some Field Service Automation projects, and the list goes on and on. This time around I want to bring to the forefront, an issue I encountered updating  from Microsoft Dynamics GP 2013 SP2 to Microsoft Dynamics GP 2013 R2 plus the latest service pack. Background My client requested a server migration to a new environment where they wanted to deploy Dynamics GP 2013 R2 web client (plus the latest service pack) and upgrade their relational database management system to Microsoft SQL Server 2014. This is something I'm absolutely comfortable with (for the most part) given also that my client was sitting at Microsoft Dynamics
Read more

Cannot insert the value NULL into column 'CONTACT' error when clicking on Items List in Navigation Pane

Image
Moving on from my previous article on a similar subject - see Cannot insert the value NULL into column 'BASEUOFM' error when clicking on Items List in Navigation Pane , I recently came across this error,  Cannot insert the value NULL into column 'CONTACT' when clicking on the All Purchasing Transactions list under the Purchasing Navigation Pane option, after performing an upgrade from Microsoft Dynamics GP 9.0 to Microsoft Dynamics GP 2010 R2. All Purchasing Transactions list error - Purchasing Navigation List The name of the global temp table - in this case, tempdb.dbo.##2093338- varies in almost all cases, but the end result of the error is the same. The issue has been identified running Microsoft Dynamics GP 2010 RTM, SP1 or SP2. Upon further review, the issue is due to bad data in the Vendor ID (VENDORID) column in the Purchasing Receipt History table (POP30300). In summary, if you have a purchasing receipt with a blank vendor ID or a vendor ID that doe
Read more

How to uninstall Microsoft Dynamics GP 10.0 if you cannot uninstall it by using the "Add or Remove Programs" feature

INTRODUCTION This article describes how to uninstall an existing Microsoft Dynamics GP v10 system if you cannot uninstall it by using the Add or Remove Programs feature (or Programs and Features in Windows Vista) in Control Panel. It is recommended that you verify that you cannot uninstall by using Add or Remove Programs first. MORE INFORMATION First, verify that you cannot uninstall Microsoft Dynamics GP by using Add or Remove Programs (or Programs and Features) To verify that you cannot uninstall Microsoft Dynamics GP by using Add or Remove Programs (or Programs and Features in Windows Vista), follow these steps. For Windows XP or Windows Server 2003: 1. Click Start, click Run, type control appwiz.cpl in the Open box, and then press ENTER. 2. Click to select Microsoft Dynamics GP 10.0 product from the application list, and then click Remove. For Windows Vista: 1. Click Start, type Programs and Features in the Search box, and then press ENTER. 2. Click to select the product to be un
Read more