- Revenera Community
- :
- FlexNet Operations
- :
- FlexNet Operations Forum
- :
- Re: FlexNet Operations Cloud and FlexNet Connect Cloud TLS Change
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
FlexNet Operations Cloud and FlexNet Connect Cloud TLS Change
FlexNet Operations Cloud and FlexNet Connect Cloud TLS Change
Upcoming scheduled maintenance notice
TLS (Transport Security Layer) is a cryptographic protocol that secures communications over networks. It is the successor of the SSL (Secure Socket Layer) protocol. TLS Version 1.0 was first defined in 1999 and since then has been superseded by newer versions. Due to existing vulnerabilities in TLS 1.0 and 1.1, Flexera will discontinue support for these versions in FlexNet Operations Cloud and FlexNet Connect Cloud using the following schedule:
UAT
PDT Tuesday, June 11, 2019 10:00 AM - 12:00 PM
UTC Tuesday, June 11, 2019 5:00 PM - 7:00 PM
UAT endpoints affected:
FNO LLM Producer Portal - manageruat.flexnetoperations.com, manageruat.subscribenet.com
FNO ALM and LLM Enterprise and Producer Portals - *.flexnetoperations.com or *.subscribenet.com – this is your branded hostname
Compliance endpoint (FNO LLM and ALM) - *.compliance.flexnetoperations.com
FlexNet Connect Cloud - *.installshield.com
Production
PDT Tuesday, September 10, 2019, 10:00 AM - 12:00 PM
UTC Tuesday, September 10, 2019, 5:00 PM - 7:00 PM
Production endpoints affected:
FNO LLM Producer Portal - manager.flexnetoperations.com, manager.subscribenet.com
FNO ALM and LLM Enterprise and Producer Portals - *.flexnetoperations.com or *.subscribenet.com – this is your branded hostname
Compliance endpoint (FNO LLM and ALM) - *.compliance.flexnetoperations.com
FlexNet Connect Cloud - *.installshield.com
After these dates, browsers or API clients connecting to these endpoints must connect via TLS 1.2. Please pay special attention to this notification if you have any integrations running against the FlexNet Operations service.
It is especially important for customers to test their FNE clients in UAT before the change is made in Production. FNE clients can communicate with FNO and/or CLS over one of two endpoints; the Enterprise Portal (customer-name.flexnetoperations.com) or the compliance endpoint (customer-name.compliance.flexnetoperations.com).
If you have any questions related to this notification or any difficulties applying the required changes, please do not hesitate to reach out to our support desk. Details to contact Flexera Support can be found here https://community.flexera.com/t5/Support-Information/Support-Contacts/ta-p/94720.
In the past when we have depreciated SSL protocols the majority of the problems were seen with integrations that were using some older version software that did not support the latest SSL protocols. For example one customer was using JAVA 1.6 which didn't support the newer SSL protocols. Another customer was running an older version of TIBCO that didn't support the newer SSL protocols. In both cases the customers had to upgrade the software to newer versions that supported the newer SSL protocols.
For FlexNet Embedded (FNE) customers if your FNE clients are running on older OS's that do not support TLS 1.2 or higher communication with FNOC will fail and cause FNE licensing to fail.
Unfortunately there is no magic document for this. You need to identify which components and versions are involved in sending the communication to our systems. Your tools that send the SOAP requests may be built on JAVA, .NET or another platform and you will need to check the version and see if and how to include support for the TLS 1.2 protocol. You OS may also be a factor. For example if you are running a Linux system you may be using a version of OpenSSL to control secure communication and will need to check these to make sure they support TLS 1.2. You may need to apply an update to an individual component or take some action to enable TLS 1.2 support. Hopefully this will help get you started on where and what to look for with your integration.
We were able to resolve this issue in our C# cloud based tool by updating to .NET v4.6 which defaults to using TLS v1.2. When we changed the project settings, we needed to manually change the reference to the httpRuntime targetFramework. We also needed to update the SOAP created objects by going to our Connected Services and then right clicking on each of the services (ours are EntitlementOrderService, ManageDeviceService, and UserOrgHierarchyService) and selecting "Update Service Reference".
With these changes, we are now compatible with the recent changes. Hopefully this will help someone else if they run into something similar.