Why are Everest clients failing to connect when TLS 1.0 is disabled?

Overview

This article provides an explanation of why disabling TLS 1.0 will cause Everest clients to fail to connect to the Everest server.

Information

In October 2018, Apple, Google, Microsoft, and Mozilla jointly announced they would deprecate TLS 1.0 and 1.1 in March 2020 due to what they termed as known security vulnerabilities. Customers may want to disable TLS 1.0 in their environments as a result of this announcement, resulting in Everest clients failing to connect to the server.

However, it is important to note that TLS 1.0 is still reliable in terms of data integrity and is still okay to use for all in-house traffic.

Everest uses the Microsoft OLE DB Provider for SQL Server (SQLOLEDB) to access SQL Server which does not have full support for TLS 1.1 and 1.2 hence the need to maintain TLS 1.0 enabled for successful Everest client connections to the server.

Disabling TLS 1.0 would stop the communication between the Application server and the database server due to the Microsoft SQL server driver used.

Updating the OLEDB provider to one that supports TLS 1.1 and later is currently under consideration as an enhancement request and until this is implemented, TLS 1.0 cannot be disabled on the Everest clients.

Back to top

Comments

0 comments

Please sign in to leave a comment.