サポートと今すぐチャット
サポートとのチャット
セルフ・サービス・ツール
ナレッジベース
マイ アカウント
通知および警告
製品別サポート
ソフトウェアのダウンロード
技術文書
ユーザーフォーラム
ビデオチュートリアル
RSSフィード
サポートの基本要素
受賞歴とお客様の声
開始する
ライセンス契約
サポートガイド

Rapid Recovery 製品のお知らせ

戻る
脆弱性
Rapid Recovery and DL Series

TLS 1.0 security vulnerabilities are forcing numerous software products to upgrade to a newer, more secure TLS version that contains cryptographic protocol to reduce data security risk. The TLS 1.0 vulnerabilities affect both 5.x AppAssure-branded software versions of Rapid Recovery and DL series products 


How does this affect me?

If you are running a 5.x AppAssure-branded core, you may be vulnerable to the TLS 1.0 version security risk. 

On January 29, 2018, Quest will disable TLS 1.0 on the Rapid Recovery License Portal, at which point any existing 5.x AppAssure cores not on the latest build & patch of 5.4.3 will no longer be able to connect. Additionally, any AppAssure or Rapid Recovery cores running on Windows Vista or earlier OSs will no longer be able to connect to the License portal due to Microsoft TLS version limitations. When a core server is unable to connect to the license portal it will disable further backups from being created. Please note that you will still be able to perform restores from previously created backups. For more information on TLS, please refer to the ‘More Information’ section of this Microsoft Support Notification


Resolution

For customers using AppAssure 5.x and TLS 1.1 supported OS, upgrade to AA 5.4.3 and then you can either:

  1. Install the latest QDPP plugin (recommended) OR 
  2. Install the latest patch P-1812.

For customers unwilling or unable to upgrade, or using TLS non-supported OS’s please contact support for further information. 

NOTE: All RR 6.x builds rely on more advanced cryptology and therefore are not exposed to the related TLS 1.0 security vulnerability. 

Status

For more information on TLS 1.0 exposure when using AppAssure 5.X cores, please review the Knowledge Base article.

We apologize for the inconvenience this issue may cause for you in maintaining your backup environments. Quest is committed to protecting your data security and we will do everything we can to ensure that you are informed on any related product environmental security concerns and that you are protected to the highest known levels when relying on our products, even when cryptographic data transport protocol vulnerabilities like those in TLS 1.0 resides in code outside of our products directly.