FlexNet Operations Cloud and FlexNet Connect Cloud TLS Change
FlexNet Operations Cloud and FlexNet Connect Cloud TLS Change
Upcoming scheduled maintenance notice
TLS (Transport Security Layer) is a cryptographic protocol that secures communications over networks. It is the successor of the SSL (Secure Socket Layer) protocol. TLS Version 1.0 was first defined in 1999 and since then has been superseded by newer versions. Due to existing vulnerabilities in TLS 1.0 and 1.1, Flexera will discontinue support for these versions in FlexNet Operations Cloud and FlexNet Connect Cloud using the following schedule:
UAT PDT Tuesday, June 11, 2019 10:00 AM - 12:00 PM UTC Tuesday, June 11, 2019 5:00 PM - 7:00 PM
UAT endpoints affected: FNO LLM Producer Portal - manageruat.flexnetoperations.com, manageruat.subscribenet.com FNO ALM and LLM Enterprise and Producer Portals - *.flexnetoperations.com or *.subscribenet.com – this is your branded hostname Compliance endpoint (FNO LLM and ALM) - *.compliance.flexnetoperations.com FlexNet Connect Cloud - *.installshield.com
Production PDT Tuesday, September 10, 2019, 10:00 AM - 12:00 PM UTC Tuesday, September 10, 2019, 5:00 PM - 7:00 PM
Production endpoints affected: FNO LLM Producer Portal - manager.flexnetoperations.com, manager.subscribenet.com FNO ALM and LLM Enterprise and Producer Portals - *.flexnetoperations.com or *.subscribenet.com – this is your branded hostname Compliance endpoint (FNO LLM and ALM) - *.compliance.flexnetoperations.com FlexNet Connect Cloud - *.installshield.com
After these dates, browsers or API clients connecting to these endpoints must connect via TLS 1.2. Please pay special attention to this notification if you have any integrations running against the FlexNet Operations service.
It is especially important for customers to test their FNE clients in UAT before the change is made in Production. FNE clients can communicate with FNO and/or CLS over one of two endpoints; the Enterprise Portal (customer-name.flexnetoperations.com) or the compliance endpoint (customer-name.compliance.flexnetoperations.com).
In the past when we have depreciated SSL protocols the majority of the problems were seen with integrations that were using some older version software that did not support the latest SSL protocols. For example one customer was using JAVA 1.6 which didn't support the newer SSL protocols. Another customer was running an older version of TIBCO that didn't support the newer SSL protocols. In both cases the customers had to upgrade the software to newer versions that supported the newer SSL protocols.
For FlexNet Embedded (FNE) customers if your FNE clients are running on older OS's that do not support TLS 1.2 or higher communication with FNOC will fail and cause FNE licensing to fail.
Unfortunately there is no magic document for this. You need to identify which components and versions are involved in sending the communication to our systems. Your tools that send the SOAP requests may be built on JAVA, .NET or another platform and you will need to check the version and see if and how to include support for the TLS 1.2 protocol. You OS may also be a factor. For example if you are running a Linux system you may be using a version of OpenSSL to control secure communication and will need to check these to make sure they support TLS 1.2. You may need to apply an update to an individual component or take some action to enable TLS 1.2 support. Hopefully this will help get you started on where and what to look for with your integration.
We were able to resolve this issue in our C# cloud based tool by updating to .NET v4.6 which defaults to using TLS v1.2. When we changed the project settings, we needed to manually change the reference to the httpRuntime targetFramework. We also needed to update the SOAP created objects by going to our Connected Services and then right clicking on each of the services (ours are EntitlementOrderService, ManageDeviceService, and UserOrgHierarchyService) and selecting "Update Service Reference".
With these changes, we are now compatible with the recent changes. Hopefully this will help someone else if they run into something similar.
