Is ALM 12.21 officially supporting TLS1.2?

  • Questions
  • Is ALM 12.21 officially supporting TLS1.2?
Question ID: 107200
0
0

Hello,
Does ALM 12.21support TLS1.2? If not is there a work around to get the support working on this version?

Thanks,
HomerJ

Marked as spam
Posted by (Questions: 379, Answers: 35)
Asked on October 26, 2016 2:41 pm
100 views
Answers (1)
1
Private answer

Hello HomerJ,
According to HPE, ALM does not officially support TLS1.2 implementation at this time but should be supported in this version and newer version after the release of the next patches (in this versions case it should be supported in patch 4 when it is released according to their statements, however that is always subject to change).
They have supplied me with a possible work around that may enable the TLS 1.2 implementation to work on ALM 12.21 versions (it is recommended to test on a test environment prior to attempting to integrate into a production environment and to make sure that full back ups are in place should they be needed for recovery purposes). The following are the recommended changes:

''Support of TLS 1.2
https://softwaresupport.hpe.com/group/softwaresupport/search-result/-/facetsearch/document/LID/QCCR1J29016

TLS1.2 will be supported for ALM 12.21 path 4. Ongoing for Dec, 2016

workaround:

To disable SSL 2.0, 3.0 and TLS 1.0, 1.1 protocols in order to have only the TLS 1.2 protocol enabled.

You can check the following information:
https://support.microsoft.com/en-us/kb/245030

You can enable TLS 1.1 and TLS 1.2 in the registry.
To do this you need to add DWORD key EnabledSecureProtocols in the HKEY_CURRENT_USERSoftwareMercury InteractiveTestDirectorWEB.
The values is combined from

#define WINHTTP_FLAG_SECURE_PROTOCOL_SSL2 0x00000008
#define WINHTTP_FLAG_SECURE_PROTOCOL_SSL3 0x00000020
#define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1 0x00000080
#define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_1 0x00000200
#define WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2 0x00000800

e.g. if you want to support TLS1.1 and TLS 1.2 you should use value 0xA00 (decimal 2560), if TLS 1.2 only then 0x800 (decimal 2048)
''

As was stated this should be tested in a test environment first and is at your own risk for attempting to institute.

I hope this helps,
Dan

Marked as spam
Posted by (Questions: 0, Answers: 771)
Answered on October 26, 2016 2:47 pm
Thanks for the information. We will see about getting a test environment to test this work around.
( at October 26, 2016 3:18 pm)
EyeOnTesting