Delphix Products

 View Only

Special Note on TLS 1.0 and 1.1 End-of-Life

By Ross Millenacker posted 11-17-2021 10:30:28 AM


The Delphix TLS 1.0 and 1.1 End-of-Life was put into place to reduce risk related to any security vulnerabilities related to the legacy TLS versions. Customers who are interested in verifying whether they are impacted by the EOL should take the following steps:

JDBC Connections (Masking only)

Masking engines leverage TLS to secure JDBC connections. In order to verify whether any of your masking workloads are impacted by this EOL, please run the following checks:

  1. Check for potentially affected JDBC connectors. Only “Advanced” database connectors or JDBC connectors making use of the Connector's property interface (introduced in 6.0.6) may be affected.
  2. Look for any properties that indicate TLS usage in either the URL (for advanced connectors) or Connector's property file.
  3. For each connector that is identified as using TLS, check the data source to determine which version of TLS the database supports (this is data source specific).
  4. If a data source is in use that does not support TLS 1.2 or TLS 1.3, patch or upgrade the DB prior to upgrading to this release.

If a DB is impacted, our recommendation is to patch or upgrade the DB to a TLS 1.2 or 1.3-compatible version.

HTTPS Connections (Virtualization/Masking)

Both virtualization and masking leverage TLS to secure HTTPS connections. In order to verify whether HTTPS connects are impacted by this EOL, please check the following:

  • Check Browser and API Compatibility
  • Change TLS Settings in the Delphix Setup App

Note: Delphix recommends that customers confer with their security team as they evaluate the impact and potential migration options related to this EOL.