TLS 1.0

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

TLS 1.0

_Jon_

Our IT department disabled TLS 1.0 on our servers over the weekend, and it
broke our mapguide (3.1.2) sites.  They have since re-enabled it to get us
going again, but this is a very old, obsolete, and insecure protocol and
they would very much like to disable it as soon as possible.  By any chance,
is there an update in the works to remove this dependency in the near term
or do we have to wait for 4.0?




--
Sent from: http://osgeo-org.1560.x6.nabble.com/MapGuide-Users-f4182607.html
_______________________________________________
mapguide-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/mapguide-users
Reply | Threaded
Open this post in threaded view
|

Re: TLS 1.0

GordonL
Are you using Windows/IIS?  I have MapGuide running on TLS 1.2 right now.

Virus-free. www.avast.com

On Tue, Nov 17, 2020 at 1:54 PM _Jon_ <[hidden email]> wrote:

Our IT department disabled TLS 1.0 on our servers over the weekend, and it
broke our mapguide (3.1.2) sites.  They have since re-enabled it to get us
going again, but this is a very old, obsolete, and insecure protocol and
they would very much like to disable it as soon as possible.  By any chance,
is there an update in the works to remove this dependency in the near term
or do we have to wait for 4.0?




--
Sent from: http://osgeo-org.1560.x6.nabble.com/MapGuide-Users-f4182607.html
_______________________________________________
mapguide-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/mapguide-users

_______________________________________________
mapguide-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/mapguide-users
Reply | Threaded
Open this post in threaded view
|

Re: TLS 1.0

_Jon_
Most of our mapguide-related servers are Windows Server 2016, though we do
have at least one that is 2012R2.  The issue seems to be related to
mapguide's communication with SQL Server 2016, though I haven't totally
ruled out other issues unrelated to SQL Server as I can't seem to preview
SDF files in maestro either when TLS 1.0/1.1 is disabled.  



--
Sent from: http://osgeo-org.1560.x6.nabble.com/MapGuide-Users-f4182607.html
_______________________________________________
mapguide-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/mapguide-users
Reply | Threaded
Open this post in threaded view
|

Re: TLS 1.0

GordonL
After changing the registry (https://support.microsoft.com/en-ca/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi)

I had to re-issue the certificate on my MapGuide server and IIS to ensure changes to TLS.  
Once that was done, I was able to have full SSL.



Virus-free. www.avast.com

On Tue, Nov 17, 2020 at 2:32 PM _Jon_ <[hidden email]> wrote:
Most of our mapguide-related servers are Windows Server 2016, though we do
have at least one that is 2012R2.  The issue seems to be related to
mapguide's communication with SQL Server 2016, though I haven't totally
ruled out other issues unrelated to SQL Server as I can't seem to preview
SDF files in maestro either when TLS 1.0/1.1 is disabled. 



--
Sent from: http://osgeo-org.1560.x6.nabble.com/MapGuide-Users-f4182607.html
_______________________________________________
mapguide-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/mapguide-users

_______________________________________________
mapguide-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/mapguide-users
Reply | Threaded
Open this post in threaded view
|

Re: TLS 1.0

_Jon_
Thanks for the replies, Gordon.  It looks like 1.2 is actually working for
most of our servers.  I think I had previously only been testing 1.0, 1.1
and 1.3.  I am told that my certificate already supports 1.2.  I still seem
to be having a few issues in maestro, however.  Certain activities still
throw errors.  For example, feature source previews throw a 404 error even
though the feature source itself works just fine in my map.  I can no longer
connect using Studio at all using https, which I can live without, but I
still rely on it occasionally when maestro struggles with a particular task.  



--
Sent from: http://osgeo-org.1560.x6.nabble.com/MapGuide-Users-f4182607.html
_______________________________________________
mapguide-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/mapguide-users
Reply | Threaded
Open this post in threaded view
|

Re: TLS 1.0

GordonL
Once you register the SLL Cert, you will have to connect to Maestro with HTTPS and the fully qualified domain name.

For example, not http://localhost
 but 

On Wed, Nov 18, 2020 at 2:23 PM _Jon_ <[hidden email]> wrote:
Thanks for the replies, Gordon.  It looks like 1.2 is actually working for
most of our servers.  I think I had previously only been testing 1.0, 1.1
and 1.3.  I am told that my certificate already supports 1.2.  I still seem
to be having a few issues in maestro, however.  Certain activities still
throw errors.  For example, feature source previews throw a 404 error even
though the feature source itself works just fine in my map.  I can no longer
connect using Studio at all using https, which I can live without, but I
still rely on it occasionally when maestro struggles with a particular task. 



--
Sent from: http://osgeo-org.1560.x6.nabble.com/MapGuide-Users-f4182607.html
_______________________________________________
mapguide-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/mapguide-users

_______________________________________________
mapguide-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/mapguide-users
Reply | Threaded
Open this post in threaded view
|

Re: TLS 1.0

_Jon_
yes, I am using the FQDN.  



--
Sent from: http://osgeo-org.1560.x6.nabble.com/MapGuide-Users-f4182607.html
_______________________________________________
mapguide-users mailing list
[hidden email]
https://lists.osgeo.org/mailman/listinfo/mapguide-users