Skip to main content
Waters

Does NuGenesis 8 SDMS support SHA-2 algorithms or the TLS 1.x protocols for LDAPS and HTTPS? - WKB11849

Article number: 11849

ENVIRONMENT

  • NuGenesis 8 SDMS

ANSWER

SHA-2 is an encryption algorithm that can be used as the hash function in the TLS 1.2 protocol, and also as the encryption algorithm for certificates for server authentication. 

TLS 1.2/SHA-2 impacts NuGenesis 8 in a few areas:

  • SDMS WebVision, LMS SampleShare: NuGenesis 8 SR2 does support HTTPS for connections to the WebVision and SampleShare web apps.  Here, the limiting factors are the protocols supported by the web server's OS, IIS, the client's OS, and the web browser. Windows 2012 R2, IIS 8, IE 11, and Windows 7+ all support TLS 1.2, so by definition they support SHA-2 encryption. Windows XP likely does not support TLS 1.2/SHA-2, so an XP client probably won't work with a NuGenesis web server configured for SHA-2.
    • NuGenesis 8 SR1 and FR1 do not support HTTPS for connections to WebVision.
    • SampleShare has supported HTTPS since its first release in NuGenesis 8 FR1.
  • LDAPS authentication in NuGenesis LMS: the controlling factor here for TLS/SHA support is the version of Java Runtime, as embedded in the LMS server. As of NG8 SR2, the LMS server does support TLS 1.2/SHA-2 for LDAPS authentication, because the LDAPS communication is handled by the Java environment, and the JRE embedded in the LMS server supports TLS 1.2 and SHA2.
  • LDAPS authentication in NuGenesis SDMS: the libraries that handle SSL and LDAP communications for SDMS applications, in the base release of SR1, and in the FR1 and SR2 releases, support only SSL 3.0. A hotfix was developed for NG8 SR1 and released to a few customers; it adds support for the next protocol version, TLS 1.0, for LDAPS. Unfortunately, TLS 1.0 and 1.1 do not support SHA-2 for the hash algorithm. They cannot decrypt certificates that are encrypted with SHA-2. Upgrading to TLS 1.2 is not possible with a hotfix for SDMS. It requires new versions of the SSL/LDAP libraries, changes to the core SDMS code to handle new function names/calling conventions in the new libraries, and a full recompile of all of the SDMS apps using a new version of the Visual C++ compiler. That amount of work is not possible within the scope of a hotfix. TLS 1.2 is planned for NuGenesis 9.

ADDITIONAL INFORMATION

 

Not able to find a solution? Click here to request help.