As with everything, over the years vulnerabilities have been discovered in SSLv2 and SSLv3. After SSLv3 the protocol was renamed to TLS (Transport Layer Security) v1.0. The latest version, and the only protocol now recognized as safe, is TLSv1.2. TLS is a cryptographic protocol used to establish a secure communications channel between two systems. It is used to authenticate one or both systems and to protect the confidentiality and integrity of information that passes between them. It was originally developed as Secure Sockets Layer (SSL) by Netscape in the early 1990s. Standardized by the Internet Engineering Task Force (IETF), TLS has undergone several revisions to improve security, block known attacks, and add support for new cryptographic algorithms, with major revisions to SSL 3.0 in 1996, TLS 1.0 in 1990, TLS 1.1 in 2006, and TLS 1.2 in 2008.
Many of RentWorks’ interfaces require secure connections to other computer systems using a secure protocol. As RentWorks runs on top of Progress Software’s OpenEdge development platform, we rely on their support of these various versions of the secure protocol. The interfaces that require the upgrade to TLSv1.2 include credit card processing via CenPOS and Vantiv, our interface with Equifax, and our interfaces to DMS systems such as Reynolds & Reynolds and CDK (formerly ADP).
It became necessary to upgrade Progress OpenEdge to a minimum of version 11.6 to enable support for TLSv1.2 for all of the above interfaces. This necessitated upgrading 70+ servers at Amazon Web Services as well as client PCs where the connection was being generated from the client. This was an enormous task that has taken weeks to implement.
June 30, 2018 is the deadline for disabling SSL/early TLS and implementing a more secure encryption protocol, TLS 1.1 or higher (TLS v1.2 is strongly encouraged), in order to meet the PCI Data Security Standard (PCI DSS) for safeguarding payment data.
Between now and June 30, organizations that have not completed their migration should provide the Approved Scanning Vendor (ASV) with documented confirmation that they have implemented a Risk Mitigation and Migration Plan and are working to complete their migration by the required date.
Migrate to a minimum of TLS 1.1, preferably TLS 1.2. While it is possible to implement countermeasures against some attacks on TLS, migrating to a later version of TLS (TLS 1.2 is strongly encouraged) is the only reliable method to protect against the current protocol vulnerabilities.
Patch TLS software against implementation vulnerabilities. Implementation vulnerabilities, such as Heartbleed in OpenSSL, can pose serious risks. Keep TLS software up-to-date to ensure it is patched against these vulnerabilities and have countermeasures for other attacks.
Configure TLS securely. In addition to providing support for later versions of TLS, ensure the TLS implementation is configured securely. Ensure that secure TLS cipher suites and key sizes are supported and disable support for other cipher suites that are not necessary for interoperability.
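The two configuration points above (a TLS 1.2 floor and a trimmed cipher list) can be checked in code. This is an added example, not RentWorks or Progress OpenEdge code: it uses Python's standard `ssl` module, and the AEAD-only policy, the cipher string, and the sample legacy list are assumptions made for illustration.

```python
import ssl

# Assumed policy for this example: TLS 1.2 floor, AEAD suites only.
MIN_VERSION = ssl.TLSVersion.TLSv1_2
ALLOWED_PROTOCOLS = {"TLSv1.2", "TLSv1.3"}
AEAD_MARKERS = ("GCM", "CHACHA20", "CCM")
CIPHER_STRING = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL"

# Constructed sample shaped like SSLContext.get_ciphers() output.
LEGACY_SAMPLE = [
    {"name": "DES-CBC3-SHA", "protocol": "SSLv3", "strength_bits": 112},
    {"name": "AES128-SHA", "protocol": "SSLv3", "strength_bits": 128},
    {"name": "ECDHE-RSA-AES128-SHA256", "protocol": "TLSv1.2", "strength_bits": 128},
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "protocol": "TLSv1.2", "strength_bits": 256},
]


def hardened_client_context():
    """Client context that will not negotiate SSLv3, TLS 1.0 or TLS 1.1."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = MIN_VERSION
    ctx.set_ciphers(CIPHER_STRING)      # applies to TLS 1.2 and earlier suites
    return ctx


def audit_ciphers(ciphers):
    """Return (name, reason) for every suite that violates the assumed policy."""
    findings = []
    for c in ciphers:
        name, proto = c["name"], c["protocol"]
        if proto not in ALLOWED_PROTOCOLS:
            findings.append((name, "predates TLS 1.2 (" + proto + ")"))
        elif not any(marker in name for marker in AEAD_MARKERS):
            findings.append((name, "not an AEAD suite"))
        elif c.get("strength_bits", 0) < 128:
            findings.append((name, "key strength below 128 bits"))
    return findings


if __name__ == "__main__":
    ctx = hardened_client_context()
    print("floor:", ctx.minimum_version.name)
    print("hardened findings:", audit_ciphers(ctx.get_ciphers()))
    for name, reason in audit_ciphers(LEGACY_SAMPLE):
        print("legacy finding:", name, "-", reason)
```

Running the audit against `ctx.get_ciphers()` on each client or server build shows whether an upgrade actually removed the suites that are not needed for interoperability.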
If you need help running your RentWorks software with these new connections and protocols, call us today at 973-989-2423. We will help you ensure that your system stays safe and protected.