TLS 1.0 security vulnerabilities are forcing numerous software products to upgrade to a newer, more secure TLS version that contains cryptographic protocol to reduce data security risk. The TLS 1.0 vulnerabilities affect both 5.x AppAssure-branded software versions of Rapid Recovery and DL series products
If you are running a 5.x AppAssure-branded core, you may be vulnerable to the TLS 1.0 version security risk.On January 29, 2018, Quest will disable TLS 1.0 on the Rapid Recovery License Portal, at which point any existing 5.x AppAssure cores not on the latest build & patch of 5.4.3 will no longer be able to connect. Additionally, any AppAssure or Rapid Recovery cores running on Windows Vista or earlier OSs will no longer be able to connect to the License portal due to Microsoft TLS version limitations. When a core server is unable to connect to the license portal it will disable further backups from being created. Please note that you will still be able to perform restores from previously created backups. For more information on TLS, please refer to the ‘More Information’ section of this Microsoft Support Notification
For customers using AppAssure 5.x and TLS 1.1 supported OS, upgrade to AA 5.4.3 and then you can either:
For customers unwilling or unable to upgrade, or using TLS non-supported OS’s please contact support for further information.
NOTE: All RR 6.x builds rely on more advanced cryptology and therefore are not exposed to the related TLS 1.0 security vulnerability.
For more information on TLS 1.0 exposure when using AppAssure 5.X cores, please review the Knowledge Base article.
We apologize for the inconvenience this issue may cause for you in maintaining your backup environments. Quest is committed to protecting your data security and we will do everything we can to ensure that you are informed on any related product environmental security concerns and that you are protected to the highest known levels when relying on our products, even when cryptographic data transport protocol vulnerabilities like those in TLS 1.0 resides in code outside of our products directly.