<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Customer is running UCCX 10.6(1). We have some “HTTP Request” actions within a Finesse workflow that points to one of the customer’s internal web servers. Looking at the packet capture taken from UCCX when this workflow runs, we can see
UCCX sending the https request with a TLS 1.0 hello packet. The customer’s web server then replies with a TLS handshake error because it only supports TLS 1.1 or higher. We also noticed the same thing occurring with a custom gadget in the Finesse desktop
layout, which points to a web server handled by an F5 load balancer. The F5 rejects it with the same TLS handshake error.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Other than having the customer enable TLS 1.0 on their servers, what options do we have on the UCCX side? Does UCCX 11.x still send TLS 1.0 on http requests? I’ve had a TAC case open for a while and don’t have an answer yet. Just to
be clear, I’m aware of the forum posts out there about verifying the TLS version with IE and Firefox. That isn’t what I’m talking about. I’m not talking about using a browser to get *<b>to</b>* UCCX. I’m talking about UCCX *<b>sourcing</b>* the https request,
such as in a workflow action, destined for another web server. That is the direction where we are seeing UCCX send TLS 1.0 hello packets that we want and need to be TLS 1.1 or higher to satisfy the customer’s security requirements.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks!<o:p></o:p></p>
<p class="MsoNormal">Kevin Damisch<span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>