As previously announced, the Lucity Mobile 2.0 application for iOS will require SSL with TLS 1.2 starting next week. In addition, SSL must be configured to support (perfect) forward secrecy using the Elliptic Curve Diffie-Hellman (ECDHE) key exchange. This requires cipher suites installed on Windows Server to support this key exchange. The order of the cipher suites will also affect whether perfect forward secrecy is supported.
These requirements are due to new Apple Security Requirements which require all submitted apps to adhere to Application Transport Security (ATS) before the end of 2016.
If you have any questions or need help figuring out whether your servers will support the new requirements, please contact Lucity Support.
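The effect of cipher suite order described above can be modeled in a few lines. This is an added example, not code from Lucity or Microsoft: it assumes the server chooses the first suite in its own priority list that the client also offers, and the two suite lists are constructed sample data.

```python
# Added example: models server-preference cipher suite selection (an assumption)
# to show why the order of suites decides whether ECDHE is actually used.

def negotiate(server_order, client_offer):
    """Return the first suite in the server's priority list the client offers."""
    offered = set(client_offer)
    for suite in server_order:
        if suite in offered:
            return suite
    return None  # no suite in common: the handshake fails


def uses_ecdhe(suite):
    """True when the negotiated suite uses the ECDHE key exchange."""
    return suite is not None and suite.startswith("TLS_ECDHE_")


def prioritize_ecdhe(server_order):
    """Move ECDHE suites to the front, keeping relative order within each group."""
    ecdhe = [s for s in server_order if uses_ecdhe(s)]
    other = [s for s in server_order if not uses_ecdhe(s)]
    return ecdhe + other


# Constructed server priority list: ECDHE suites are enabled but ranked last.
SERVER_ORDER = [
    "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
]

# Constructed client offer that includes both ECDHE and plain RSA suites.
CLIENT_OFFER = [
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA256",
]

if __name__ == "__main__":
    for label, order in (("current", SERVER_ORDER),
                         ("reordered", prioritize_ecdhe(SERVER_ORDER))):
        suite = negotiate(order, CLIENT_OFFER)
        print(f"{label}: {suite} (ECDHE: {uses_ecdhe(suite)})")
```

With the constructed lists, the original order negotiates a plain RSA suite even though ECDHE suites are enabled; moving the ECDHE suites to the front changes the result.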
Users of Lucity Mobile for iPad or iPhone with Lucity 2016 or Lucity 2016r2 will receive an update next week which requires TLS 1.2. These new requirements are necessary to meet new Apple requirements. There is no backdoor or workaround. Lucity Mobile Server must be deployed with SSL and must support the TLS 1.2 protocol. We announced this in a previous blog post but want to put out another warning to make sure everyone is ready!
Microsoft Windows Server 2008r2 does not enable TLS 1.2 by default. If you have Lucity Mobile Server deployed on Windows Server 2008r2, you must take manual steps to enable TLS 1.2 on these servers. This article contains some details about the steps to enable TLS 1.2 on Windows Server 2008r2.
Please see the post discussing the forward secrecy requirement as well. This is also a critical requirement for iOS clients.
If you have questions or concerns, please contact Lucity Support.
There is a lot happening in the software industry regarding TLS (Transport Layer Security) and we have a few announcements for what is going to be changing in the coming year with Lucity and TLS.
TLS supersedes SSL. Ideally all systems should be using TLS (v1.2) instead of SSL, so we will begin using the term TLS instead of SSL in all of our communications and documentation. Please note, however, that most providers of security certificates (e.g., DigiCert, Verisign, etc.) will still refer to them as SSL Certificates. Rest assured that any recent certificate that you’ve obtained from a reputable provider will support both the older SSL (v3) as well as TLS, so you won’t necessarily need to obtain a new certificate.
Some new changes are coming for security and user permission management in Lucity 2016 in February. For some these will be very minor changes, but other administrators may have a moderate to large number of changes needed in the Lucity security setup. We wanted to give everyone plenty of time to get used to the idea and start planning. This post contains details to help Lucity administrators start preparing for these changes now.