New Acumatica SaaS TLS Security Standards

To comply with best-in-class security standards, Acumatica will require all SaaS customers to use TLS 1.0 or higher for communication with the server effective March 15, 2018, and TLS 1.2 effective October 16, 2018.

TLS 1.0+ is supported by Acumatica versions 6.1 and higher. While it is not officially supported, Acumatica’s internal testing shows that 5.3 is also compatible with TLS 1.0 and higher. Please note that at the time of this post, Acumatica 5.3 and 6.1 are unsupported product versions.

Timelines for SaaS Updates to TLS

  • March 15, 2018: TLS 1.0+ will be required; support for SSL 3.0 encryption will be retired.
  • October 16, 2018: TLS 1.2 will be required; support for TLS 1.0 and 1.1 will be retired.

Why TLS 1.2?

TLS (Transport Layer Security) is an industry standard designed to protect the privacy of information communicated over the Internet. The Payment Card Industry Security Standards Council has stated that TLS versions earlier than 1.2 include serious vulnerabilities that put organizations at risk of being breached.

Requirements for SaaS customers

  • Verify that all users have a supported browser. Users can check their browser’s TLS compatibility at SSLLabs.com.
  • Check with your solution providers (partners and ISVs) to see if there are any incompatibilities with the TLS 1.0+ protocol. You should also verify that they will support TLS 1.2 by October 16, 2018.
  • Plan to upgrade to the versions below by October 16, 2018.
    • 6.1: 6.10.2013 or higher
    • 2017 R2: 17.207.0020 or higher
    • 2018 R1: any version

Risks: If these steps are not taken, there is a risk that you will not be able to access Acumatica, important integrations may fail, or functions like sending emails from Acumatica may stop working.

For more information about TLS/SSL support history, review the “Web Browsers” section of the Wikipedia article Transport Layer Security.

Requirements for customers on private clouds (PCP and PCS)

  • We highly recommend that private cloud clients use the same TLS versions as our SaaS environment.
  • TLS 1.2 support for email processing is available in the Acumatica versions listed below. Customers using Office 365 for email delivery, or other email delivery systems that require TLS, must upgrade to the versions below by October 16, 2018.
    • 6.1: 6.10.2013 or higher
    • 2017 R2: 17.207.0020 or higher
    • 2018 R1: any version
  • Enable the TLS protocol for outgoing server encryption. To do this, go to the System Email Accounts (SM204002) form. On the Advanced Settings tab, check if TLS or SSL is selected in Outgoing server encrypted connection for all email accounts. This is applicable for any version starting from 4.2.
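
One way to carry out the checks asked for above (that integration endpoints and the outgoing mail server will still connect once only TLS 1.2 is accepted) is to attempt a handshake from a client that refuses anything older. This is an added example, not Acumatica code; the function names and the `example.com` hosts are placeholders chosen here.

```python
import smtplib
import socket
import ssl


def tls12_context() -> ssl.SSLContext:
    """Client context that refuses any protocol older than TLS 1.2."""
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def probe_https(host, port=443, timeout=5.0):
    """Return the negotiated version ('TLSv1.2', 'TLSv1.3') or None on failure."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with tls12_context().wrap_socket(raw, server_hostname=host) as tls:
                return tls.version()
    except OSError:  # covers refused connections, timeouts and ssl.SSLError
        return None


def probe_smtp_starttls(host, port=587, timeout=5.0):
    """Same check for a mail server that upgrades to TLS with STARTTLS."""
    try:
        with smtplib.SMTP(host, port, timeout=timeout) as smtp:
            smtp.starttls(context=tls12_context())
            return smtp.sock.version()
    except OSError:  # smtplib.SMTPException is an OSError subclass
        return None


if __name__ == "__main__":
    # Placeholder endpoints (assumptions): substitute your integration and mail hosts.
    targets = [("HTTPS", probe_https, "integration.example.com"),
               ("SMTP", probe_smtp_starttls, "smtp.example.com")]
    for label, probe, host in targets:
        version = probe(host)
        print(f"{label} {host}: {version or 'no TLS 1.2+ handshake'}")
```

A `None` result means no TLS 1.2+ session could be established, which can also be caused by a certificate error or a connectivity problem, so confirm the reason before concluding that the endpoint lacks TLS 1.2.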