立即与支持人员聊天
与支持团队交流
成为门户专家
自助服务工具
知识库
我的帐户
通知和警报
产品支持
下载软件
技术说明文件
用户论坛
视频教程
RSS订阅源
支持基本要素
奖项和客户评价
使用入门
许可协议
支持指南

Rapid Recovery 产品通知

返回
漏洞
Rapid Recovery and DL Series

TLS 1.0 security vulnerabilities are forcing numerous software products to upgrade to a newer, more secure TLS version that contains cryptographic protocol to reduce data security risk. The TLS 1.0 vulnerabilities affect both 5.x AppAssure-branded software versions of Rapid Recovery and DL series products 


How does this affect me?

If you are running a 5.x AppAssure-branded core, you may be vulnerable to the TLS 1.0 version security risk. 

On January 29, 2018, Quest will disable TLS 1.0 on the Rapid Recovery License Portal, at which point any existing 5.x AppAssure cores not on the latest build & patch of 5.4.3 will no longer be able to connect. Additionally, any AppAssure or Rapid Recovery cores running on Windows Vista or earlier OSs will no longer be able to connect to the License portal due to Microsoft TLS version limitations. When a core server is unable to connect to the license portal it will disable further backups from being created. Please note that you will still be able to perform restores from previously created backups. For more information on TLS, please refer to the ‘More Information’ section of this Microsoft Support Notification


Resolution

For customers using AppAssure 5.x and TLS 1.1 supported OS, upgrade to AA 5.4.3 and then you can either:

  1. Install the latest QDPP plugin (recommended) OR 
  2. Install the latest patch P-1812.

For customers unwilling or unable to upgrade, or using TLS non-supported OS’s please contact support for further information. 

NOTE: All RR 6.x builds rely on more advanced cryptology and therefore are not exposed to the related TLS 1.0 security vulnerability. 

Status

For more information on TLS 1.0 exposure when using AppAssure 5.X cores, please review the Knowledge Base article.

We apologize for the inconvenience this issue may cause for you in maintaining your backup environments. Quest is committed to protecting your data security and we will do everything we can to ensure that you are informed on any related product environmental security concerns and that you are protected to the highest known levels when relying on our products, even when cryptographic data transport protocol vulnerabilities like those in TLS 1.0 resides in code outside of our products directly.