Riva CRM Integration - Documentation and Knowledge Base

Controlling HTTPS Communication Security Protocols

Article ID: 1162
Last updated: 22 Apr, 2019

The Riva synchronization service uses the TLS 1.0 mechanism by default and does not allow the older SSL v3.

Riva does not connect to a host that supports only SSL v3, unless Riva is specifically reconfigured to use SSL v3. (See Set a specific security protocol.)

Contents

Which Version of TLS Does Riva Use by Default?

Newer versions of Riva automatically enable the newer versions of TLS, as long as they are supported by the underlying operating system.

Auto-enabling versions

If the system requirements for newer versions of TLS have been met, the following versions of Riva auto-enable support for TLS 1.2, TLS 1.1 and TLS 1.0:

  • 2.4.42 (rev.28021) or newer.
  • 2.4.41 (rev.28022) or newer.
  • 2.4.40 (rev.28023) or newer.
  • 2.4.39 (rev.28024) or newer.

Previous versions:

For prior versions of Riva up to and including 2.4.38, all connections are made by using TLS 1.0.

If you require TLS 1.2 or TLS 1.1, do as follows:

  1. Upgrade to Microsoft .NET Framework 4.5.2.

  2. Configure Riva to use the Microsoft .NET Framework 4.5.

  3. Do one of the following:

Which Security Protocol Types Does Riva Support?

Riva uses the Microsoft .NET Framework as the underlying technology framework. This framework leverages the Microsoft Security Support Provider Interface (SSPI), which defines the secure channel sub-system of the underlying Windows operating systems.

Secure Channel, also known as Schannel, is a security support provider (SSP) that contains a set of security protocols that provide identity authentication and secure, private communication through encryption.

Schannel is primarily used for Internet applications that require secure Hypertext Transfer Protocol (HTTP) communications.

Both Secure Sockets Layer Protocol (SSL) and Transport Layer Security Protocol (TLS) are supported by Windows and, therefore, are compatible with Riva.

For a list of supported TLS 1.0 cipher suites for Windows Server 2008/Vista, see Cipher Suites in Schannel.

The following operating systems do not support TLS 1.2 or TLS 1.1: Windows 2003 and Windows XP.

For a full breakdown of secure libraries and their supported protocols, see this Wikipedia article.

Security Protocol Code Description
Ssl3 48 Specifies the Secure Socket Layer (SSL) 3.0 security protocol.

SSL 3.0 has been superseded by the Transport Layer Security (TLS) protocol and is provided for backward compatibility only. Protocol released in 1996.

Tls 192 Specifies the Transport Layer Security (TLS) 1.0 security protocol.

TLS assumes that a connection-oriented protocol, typically TCP, is in use. The TLS protocol is defined in IETF RFC 2246. Protocol released in 1999.

Tls11 768 Specifies the Transport Layer Security (TLS) 1.1 security protocol.

TLS assumes that a connection-oriented protocol, typically TCP, is in use. The TLS protocol is defined in IETF RFC 2246.

This value is supported on Windows 7, Windows 2012, and later versions of Windows. Protocol released in 2006.

Note: Requires the use of .NET 4.5

Tls12 3072 Specifies the Transport Layer Security (TLS) 1.2 security protocol.

TLS assumes that a connection-oriented protocol, typically TCP, is in use. The TLS protocol is defined in IETF RFC 2246.

This value is supported on Windows 7, Windows 2012, and later versions of Windows. Protocol released in 2008.

Note: Requires the use of .NET 4.5

Set a Specific Security Protocol

By default, the Riva synchronization process uses the TLS 1.0 security protocol.

To force Riva to use a specific security protocol

  • Set the following advanced option in the Application Settings for the service.

    ServicePointManager.SecurityProtocol = [value]

    where [value] is one of the following:

    • One of the values in the Security Protocol column in the previous table (Ssl3, Tls, Tls11, or Tls12)

    • 4032, to allow all of these TLS versions: 1.0, 1.1, and 1.2

    Note: To allow only TLS 1.0, set [value] to Tls.

If the following error is received: "System.NotSupportedException: The requested security protocol is not supported.", use the named parameters instead of the numeric values.

Determine Which Versions of SSL/TLS Are Enabled on a Target HTTPS Host

If the host is connected to the internet and can receive HTTPS communication, a simple way to determine which security protocols are supported by the host is to run an SSL Test. See https://www.ssllabs.com/ssltest/.

Related Articles

How to Determine the Cipher Suite for the Server and Client - http://support.microsoft.com/kb/299520

Update adds new TLS cipher suites and changes cipher suite priorities in Windows 8.1 and Windows Server 2012 R2 - http://support.microsoft.com/kb/2929781

Test: SSL/TLS Capabilities of Your Browser - https://www.ssllabs.com/ssltest/viewMyClient.html

This article was:   Helpful | Not helpful
Report an issue
Article ID: 1162
Last updated: 22 Apr, 2019
Revision: 10
Views: 9638
Comments: 0
Also listed in