TLS 1.0 security vulnerabilities are forcing numerous software products to upgrade to a newer, more secure TLS version that contains cryptographic protocol to reduce data security risk. The TLS 1.0 vulnerabilities effect both 5.X AppAssure-branded software versions of Rapid Recovery and DL series products.
How does this affect me?
If you are running a 5.X licensed core of the AppAssure-branded product, you may be vulnerable to the TLS 1.0 version security risk.
On January 29, 2018, Quest will disable TLS 1.0 at which point any existing 5.X AA cores not on the latest build & patch of 5.4.3 will no longer be able to connect. Additionally, AppAssure cores running on Windows Server 2008, Windows Vista or earlier OSs will no longer be able to connect to the License portal due to Microsoft TLS version upgrade limitations. An AppAssure core being unable to connect to the license portal will result in the disabling of further backups from being created. Please note that you will still be able to perform restores from previously created backups. For more information on TLS, please refer to the ‘More Information’ section of this Microsoft Support Notification
For customers using 5.4.3 and TLS 1.1 supported OSs, you must first upgrade to the latest build (188.8.131.52). Next you can either install the latest QDPP plugin (recommended) or install the latest patch P-1812. Presently, Axcient only supports the use of patch P-1812. I have linked it below.
For customers using any build of 5.4.2 and prior on supported TLS 1.1 OSs, you must update to 5.4.3 and then follow the steps in previous paragraph.
For customers unwilling or unable to upgrade, or using TLS non-supported OS’s please look for further information prior to January 29th for maintaining your backup operations using your AppAssure-branded product.
NOTE: All RR 6.x builds rely on more advanced cryptology and therefore are not exposed to the related TLS 1.0 security vulnerability.
Build 106 is available for AppAssure 5.4.3 along with either the QDPP plugin or patch P-1812 which will resolve any connection issues due to discontinuing TLS 1.0 on the license portal.
Rapid Recovery version 6.1.3 is currently available for download and will not have any issues once TLS 1.0 is disabled on January 29, 2018.
For more information on TLS 1.0 exposure when using AppAssure 5.X cores, please review the Knowledge Base article.
We apologize for the inconvenience this issue may cause for you in maintaining your backup environments. Quest is committed to protecting your data security and we will do everything we can to ensure that you are informed on any related product environmental security concerns and that you are protected to the highest known levels when relying on our products, even when cryptographic data transport protocol vulnerabilities like those in TLS 1.0 resides in code outside of our products directly.