Control Compliance Suite

 View Only
Expand all | Collapse all

Is CCS AP Server connect to DB(production and report) DB support TLS 1.2?

  • 1.  Is CCS AP Server connect to DB(production and report) DB support TLS 1.2?

    Posted Jul 09, 2020 01:10 PM
    Hi, Sir:

         Customer site install CCS AP is version 11.5 install on Windows 2012 R2. Is CCS AP Server connect to DB(production and report) DB support TLS 1.2? 

        Customer security regulation need to SQL Server disable SSL3.0/TLS1.0/TLS1.1.

         Does nay one know if SQL Server could support TLS 1.2?

    BR, Edwin


  • 2.  RE: Is CCS AP Server connect to DB(production and report) DB support TLS 1.2?

    Posted Jul 10, 2020 05:36 AM
    Hi Edwin,
    CCS relies on OS settings, so if you disable SSL3.0/TLS1.0/TLS1.1 in Windows, CCS will work ok (see this but do not enable FIPS: https://knowledge.broadcom.com/external/article?legacyId=TECH235488)

    We successfully implemented this by doing following on all our servers - CCS AP, CCS Managers and SQL DBs:
    1. disabled SSL3.0/TLS1.0 and enabled TLS1.1 and TSL1.2 - https://docs.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings#ssl-20
    2. installed NET 4.7.2 from: https://go.microsoft.com/fwlink/?LinkID=863265 (you can use newer .net also)

    However, it's always best to test first in the test/non prod environment.


    ------------------------------
    Regards,
    Vladx
    ------------------------------