TLS 1.2

Started by michaelgreer, January 21, 2022, 01:41:37 PM


michaelgreer

We have some legacy customers running back at PXPlus 11.50.  This is not supporting TLS 1.2. My understanding is that PXPlus uses the DLLs in the pvx directory.  I do see that this release has been modified as recently as 08/2019.  Is it possible that this was one of the areas addressed? If not, is there a solution to get these versions of PXPlus to support TLS 1.2?  Will the DLLs from a later version work and would this be allowed under our license agreements?  Any help is appreciated.

Mike King

For Windows, the changes to support TLS1.2 were more than just DLL changes; the EXE itself had to make different calls and some internal structures changed, so we had to compile PxPlus specific to the TLS1.2 libraries.

To use TLS1.2 you need to upgrade your PxPlus beyond version 11.50.

We strongly recommend anyone needing to support current security standards should have their PxPlus licenses on maintenance so as new releases of SSL/TLS come out you can upgrade to make sure your clients are secure.

The current PxPlus for Windows (v18.20) ships with Openssl 1.1.1k.

BTW: The current standard is TLS1.3 which is supported in PxPlus 2020 using Openssl 1.1.1.  We are also looking to support Openssl V3.0 with PxPlus 2022 (at least that is the plan at the moment and subject to change).

Mike King
President - BBSysco Consulting
eMail: mike.king@bbsysco.com

michaelgreer

Thanks Mike. That clarifies things. These are Infor customers so the whole "licensing maintenance" takes on a new twist.  Can you tell me the first version of PxPlus after 11.5 that supports at least TLS 1.2?  Michael

Mike King

We supported OpenSSL 1.0.1 with Version 13 (first to support basic TLS 1.2) and OpenSSL 1.0.2 with version 14 (supports DTLS 1.2 and FIPS).  Although it should be mentioned neither of these OpenSSL versions are still supported and you should get current (PxPlus 2021 V18 which ships with OpenSSL 1.1.1k) which would include TLS1.3 support.

See https://en.wikipedia.org/wiki/OpenSSL for details on what aspects of TLS1.2 were supported with each OpenSSL version to determine which you will require.

Mike King
President - BBSysco Consulting
eMail: mike.king@bbsysco.com

michaelgreer

Mike.  All of your reply is noted.  In your online documentation under options you reference the tcp option TLS1.2.  (https://manual.pvxplus.com/PXPLUS/mnemonics/option.htm) This does not show a version restriction for version 13.  On the other hand the online reference manual, under the Special Command Tag section for [TCP] shows that the TLS1.2 option was added in PxPlus 2017 (v. 14).  Can you clarify please, and thank you.

Mike King

We use OpenSSL to provide SSL/TLS communications.  The version of OpenSSL we provided with version 13 had limited support of TLS1.2, whereas full support of TLS1.2 in OpenSSL (including Suite B) came out in the version of OpenSSL we shipped with version 14. You can see what each version of OpenSSL contained at https://en.wikipedia.org/wiki/OpenSSL

Now whether the limited support of TLS 1.2 that was included in the OpenSSL version in PxPlus 13 will be adequate for you is unknown -- we only know that full TLS1.2 support came out in the OpenSSL version shipped with V14.

Also, we only provide OpenSSL with Windows installs, on Linux and other OS'es we use whatever OpenSSL libraries exist on the OS thus you need to look at what your OS provides and use a version of PxPlus that was designed for use with that OS.

As for the documentation, the online documentation is for the current release and generally only the last and recent additions to the language are reflected. To show each and every change and enhancement in the current online help would make the documentation unreadable.  We do provide all the prior help files in the Windows downloads for all prior releases back to the first version of PxPlus on our Archive site at: https://archives.pvxplus.com/PxPlus.Development.Suite/PxPlus/


Mike King
President - BBSysco Consulting
eMail: mike.king@bbsysco.com
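
For the Linux case in the last reply, where the OS supplies the OpenSSL libraries, the following is an added example (not from the thread and not PxPlus code) that classifies an `openssl version` string against the OpenSSL milestones named above: 1.0.1, 1.0.2 and 1.1.1. The function names and output labels are hypothetical, and the sample version strings are constructed.

```shell
#!/bin/sh
# Added example: map an `openssl version` banner to the TLS milestones
# mentioned in this thread. Labels and function names are illustrative.

# ver_ge A B: succeed when dotted numeric version A >= B.
ver_ge() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n1)
    [ "$lowest" = "$2" ]
}

# tls_support BANNER: print the highest milestone the banner implies.
tls_support() {
    case "$1" in
        OpenSSL\ *) ;;
        # LibreSSL, BoringSSL etc. use unrelated version numbering.
        *) echo "unknown"; return 0 ;;
    esac
    # Keep only major.minor.patch; drops letter suffixes such as "k" or "e-fips".
    v=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSL \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    if [ -z "$v" ]; then echo "unknown"
    elif ver_ge "$v" 1.1.1; then echo "TLS1.3"
    elif ver_ge "$v" 1.0.2; then echo "TLS1.2+DTLS1.2"
    elif ver_ge "$v" 1.0.1; then echo "TLS1.2-basic"
    else echo "pre-TLS1.2"
    fi
}

# Constructed sample banners, one per line.
samples='OpenSSL 0.9.8zh 14 Jan 2016
OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL 1.0.2k-fips  26 Jan 2017
OpenSSL 1.1.1k  25 Mar 2021
LibreSSL 3.3.6'

printf '%s\n' "$samples" | while IFS= read -r banner; do
    printf '%-36s -> %s\n' "$banner" "$(tls_support "$banner")"
done

# Live check of the CLI on this host, if one is installed.
if command -v openssl >/dev/null 2>&1; then
    live=$(openssl version)
    printf '%-36s -> %s (this host)\n' "$live" "$(tls_support "$live")"
fi
```

The version number is only an upper bound: a distribution build can disable protocols or backport fixes, and the library an application loads may differ from the one behind the `openssl` command.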