Disabling weak TLS protocols


How to configure Atomia applications to use TLS 1.2.

Overview

You may need to disable SSL 3.0, TLS 1.0 and TLS 1.1 and allow only a newer version of the protocol, such as TLS 1.2. To disable the older protocols and use only TLS 1.2, you will need to:

  • Install a .NET framework patch
  • Configure Atomia applications to use TLS 1.2
  • Make sure your database supports TLS 1.2

Updating .NET framework

If you do not update servers regularly, you will need to install a patch that adds TLS 1.2 support to the .NET Framework. For example, you can install one of the following two updates:

  • 2017-09 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 8.1 and Server 2012 R2 for x64
  • 2017-11 Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 on Windows 8.1 and Server 2012 R2 for x64

Configuring Atomia

You need to change the configuration of the Atomia applications and insert the following three flags to enable TLS 1.2:

  • Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols=false
  • Switch.System.ServiceModel.DontEnableSystemDefaultTlsVersions=false
  • Switch.System.Net.DontEnableSchUseStrongCrypto=false

You can do this by downloading and applying the following transformation files:

Billing API:
C:\Program Files (x86)\Atomia\BillingAPIs\AccountApi\Transformation Files
Web.config.ConfigurableTls.config

C:\Program Files (x86)\Atomia\BillingAPIs\BillingApi\Transformation Files
Web.config.ConfigurableTls.config

C:\Program Files (x86)\Atomia\BillingAPIs\OrderApi\Transformation Files
Web.config.ConfigurableTls.config

C:\Program Files (x86)\Atomia\BillingAPIs\TickerService\Transformation Files
Atomia.Billing.Services.TickerService.exe.config.ConfigurableTls.config

Identity:
C:\Program Files (x86)\Atomia\Identity\STS\Transformation Files
Web.config.ConfigurableTls.config

C:\Program Files (x86)\Atomia\Identity\UserAPI\Transformation Files
Web.config.ConfigurableTls.config

GUI applications:
C:\Program Files (x86)\Atomia\Store\Transformation Files
Web.config.ConfigurableTls.config

C:\Program Files (x86)\Atomia\AdminPanel\Transformation Files
Web.config.ConfigurableTls.config

C:\Program Files (x86)\Atomia\BillingCustomerPanel\Transformation Files
Web.config.ConfigurableTls.config

C:\Program Files (x86)\Atomia\HostingControlPanel\Transformation Files
Web.config.ConfigurableTls.Insert.config

Automation server:
C:\Program Files (x86)\Atomia\AutomationServer\Web\Transformation Files
Web.config.ConfigurableTls.config

C:\Program Files (x86)\Atomia\AutomationServerClient\Transformation Files
AutomationServerClient.exe.config.ConfigurableTls.config

C:\Program Files (x86)\Atomia\AutomationServer\AutomationServerEngine\Transformation Files
Atomia.Provisioning.MessageQueueListener.exe.config.ConfigurableTls.config

Keep in mind

Use the transformation files listed above unchanged only if you have the latest Atomia version installed. For older Atomia versions, or if you have custom settings, you may need to adapt them slightly.
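
To confirm that the three flags are actually present in a configuration file after a transformation has been applied, a check like the following can be used. This is an added example, not Atomia code and not part of the transformation files. It assumes the flags are stored in one of the two standard .NET Framework forms (AppContextSwitchOverrides under runtime, or AppContext.SetSwitch: keys under appSettings); the function name, the sample XML and the file path in the last comment are constructed placeholders.

```powershell
# Added example (not Atomia code): report the state of the three TLS switches
# in a .NET config file. Handles both standard .NET Framework forms:
#   <runtime><AppContextSwitchOverrides value="Name=false;..." /></runtime>
#   <appSettings><add key="AppContext.SetSwitch:Name" value="false" /></appSettings>
$RequiredSwitches = @(
    'Switch.System.ServiceModel.DisableUsingServicePointManagerSecurityProtocols',
    'Switch.System.ServiceModel.DontEnableSystemDefaultTlsVersions',
    'Switch.System.Net.DontEnableSchUseStrongCrypto'
)

function Get-TlsSwitchState {
    param([Parameter(Mandatory)][xml]$Config)
    $found = @{}
    # local-name() keeps the XPath working if the root element declares an xmlns.
    foreach ($n in $Config.SelectNodes("//*[local-name()='AppContextSwitchOverrides']")) {
        foreach ($pair in ($n.GetAttribute('value') -split ';')) {
            $name, $value = $pair -split '=', 2
            if ($name) { $found[$name.Trim()] = "$value".Trim() }
        }
    }
    $prefix = 'AppContext.SetSwitch:'
    foreach ($n in $Config.SelectNodes("//*[local-name()='appSettings']/*[local-name()='add']")) {
        $key = $n.GetAttribute('key')
        if ($key.StartsWith($prefix)) {
            $found[$key.Substring($prefix.Length)] = $n.GetAttribute('value')
        }
    }
    # One result row per required switch; Ok is true only for an explicit "false".
    foreach ($s in $RequiredSwitches) {
        [pscustomobject]@{
            Switch = $s
            Value  = if ($found.ContainsKey($s)) { $found[$s] } else { '<missing>' }
            Ok     = ($found[$s] -eq 'false')
        }
    }
}

# Constructed sample config: two switches set correctly, one still missing.
[xml]$sample = @'
<configuration>
  <runtime>
    <AppContextSwitchOverrides value="Switch.System.ServiceModel.DontEnableSystemDefaultTlsVersions=false;Switch.System.Net.DontEnableSchUseStrongCrypto=false" />
  </runtime>
</configuration>
'@
Get-TlsSwitchState -Config $sample | Format-Table -AutoSize

# Against a real file (path is a placeholder):
# Get-TlsSwitchState -Config ([xml](Get-Content -Raw 'C:\path\to\Web.config'))
```

Any row with Ok = False means that application can still fall back to the framework's older protocol defaults and should be rechecked before the weak protocols are disabled on the server.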

Updating database

If you are using Microsoft SQL Server, make sure that your version supports TLS 1.2. If it does not, you will need to install a patch/update that adds TLS 1.2 support. You can find more information on the link.
