SSL TLS 1.2

Please make sure that your XELOS system is configured correctly.


TLS 1.2 since January 2020

As of January 2020, TLS 1.0 and TLS 1.1 encryption is no longer supported, and it is strongly recommended to secure communication with TLS 1.2.
From March onwards, many manufacturers will enforce this change through warnings and patches for users and administrators. This article summarizes the effects and the necessary changes for XELOS systems.

 

Warnings and error messages from March 2020

Browser

In upcoming updates, all current browsers will allow communication only via TLS 1.2 (or higher) and will block other connections.

 

Active Directory

Upcoming Microsoft patches for Active Directory (March 2020) will only support LDAPS over TLS for LDAP connections.
If you use XELOS with the Active Directory authentication method and/or Active Directory synchronization over the LDAP protocol (without SSL), it will no longer be possible to log in to XELOS.

 

WebDAV drive

Please make sure that Windows clients are not outdated and, in particular, that KB3140245 and KB3076949 are installed. (Windows 10 should not be affected.)

 

XELOS Office Integration (XOI)

If you are using an older version of the XELOS Office Integration, please upgrade to the latest version for TLS 1.2 support.

 

Is your XELOS installation affected?

All XELOS configurations normally support TLS 1.2, so a complete failure after a browser update is very unlikely. However, support for TLS 1.0/1.1 should also be switched off.

Check your SSL settings, e.g. with the Qualys SSL Test. If you get an A+ rating, your connection is configured according to current best practice.

Otherwise, check the warnings / notes.

 

Main steps for updating

XELOS as a Docker Container (standard since the end of 2018)

Update the XELOS Docker Container using the standard update procedure (run in the Docker configuration directory [/server/docker/xelos]):

  1. docker-compose pull
  2. docker-compose up -d
 

Other XELOS installation (installation before 2018)

Update the NGINX configuration and change the entry "ssl_protocols" in /etc/nginx/conf.d/xelos.conf to TLSv1.2:

ssl_protocols TLSv1.2;
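
A check for the ssl_protocols change described above, as an added example that is not part of XELOS or of the original article: the shell function reads an nginx configuration file and reports every ssl_protocols value other than TLSv1.2/TLSv1.3. The function name audit_ssl_protocols is hypothetical and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: audit ssl_protocols directives in an nginx config file.
# audit_ssl_protocols is a hypothetical helper name, not part of XELOS or nginx.
# Return status: 0 = only TLSv1.2/TLSv1.3 enabled
#                1 = a legacy or unrecognised protocol value is enabled
#                2 = no ssl_protocols directive (nginx built-in default applies)
audit_ssl_protocols() {
    conf=$1
    # Drop comments, join lines, then split on ';', '{' and '}' so that each
    # statement sits on its own line, even when a directive spans several lines.
    # Simplification: a '#' inside a quoted string is treated as a comment.
    directives=$(sed 's/#.*//' "$conf" | tr '\n' ' ' | tr ';{}' '\n\n\n' |
        grep -E '^[[:space:]]*ssl_protocols[[:space:]]' || true)
    if [ -z "$directives" ]; then
        echo "$conf: no ssl_protocols directive; nginx built-in default applies"
        return 2
    fi
    weak=0
    for token in $directives; do
        case $token in
            ssl_protocols|TLSv1.2|TLSv1.3) ;;
            SSLv2|SSLv3|TLSv1|TLSv1.1)
                echo "$conf: legacy protocol enabled: $token"
                weak=1 ;;
            *)
                echo "$conf: unrecognised value: $token"
                weak=1 ;;
        esac
    done
    [ "$weak" -eq 0 ] && echo "$conf: OK, TLSv1.2 or newer only"
    return "$weak"
}

# Constructed sample resembling a pre-2018 configuration, not a real xelos.conf.
demo() {
    sample=$(mktemp)
    printf 'server {\n    listen 443 ssl;\n    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n}\n' > "$sample"
    if audit_ssl_protocols "$sample"; then
        echo "no change needed"
    else
        echo "change the entry to: ssl_protocols TLSv1.2;"
    fi
    rm -f "$sample"
}
demo
```

On the host, call audit_ssl_protocols /etc/nginx/conf.d/xelos.conf. After editing the file, nginx -t validates the configuration before NGINX is reloaded.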

 

Update Active Directory Auth / Sync

Enable SSL/TLS for communication from XELOS to Active Directory. If the TLS root certificate of the Active Directory is not known, the option "Ignore TLS certificate" must also be checked so that the connection works without errors. (From XELOS 8.2.2 at the latest.)
