Configuring TLS 1.2

Owned by Gabor Moczar (Unlicensed)
Last updated: Dec 16, 2020
2 min read

For security or compliance reasons, administrators can choose to lock down the TLS version of the Verba system to 1.2, and therefore disable TLS 1.0 and TLS 1.1. This document provides an overview of how to enable TLS 1.2 and disable TLS 1.0 and 1.1 for the Verba product.

ComponentHow to Configure TLS 1.2

Internal communication between Verba servers and components


The Verba C++ services are using TLS 1.2 by default but also supports TLS 1.1 and 1.0. There is no way to disable these protocols.

Additional configuration for the following services:

Verba Sfb/Lync Announcement Service
Verba SfB/Lync IM Recorder Service
Verba SfB/Lync Call Filter Service
Verba SfB/Lync IM Filter Service
Verba SfB/Lync Communication Policy Service

For the Verba .NET services, follow the information in the following article to disable TLS 1.0 and TLS 1.1 on Windows: https://docs.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings

Additional configuration for the following services:

Verba Avaya DMCC/JTAPI Service
Verba Cisco Central Silent Monitoring Service
Verba Cisco Compliance Service
Verba Cisco JTAPI Service

For the Verba Java based services, follow the steps below:

Step 1 - Go to the Java home directory
Step 2 - Open the conf/security/java.security or lib/security/java.security (JDK 8 and earlier) file using notepad with elevated permissions
Step 3 - Change the jdk.tls.disabledAlgorithms property by appending ", TLSv1, TLSv1.1"
As an example:
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL, TLSv1, TLSv1.1
Step 4 - Save the changes
Step 5 - Restart the impacted Verba Service

HTTPS connection with the Web Application

Follow the instructions on all Media Repository Servers:

Step 1 - Go to C:\Program Files\Verba\tomcat\conf
Step 2 - Create a backup of the server.xml file
Step 3 - Open the server.xml file using notepad with elevated permissions
Step 4 - Change the value of the SSLProtocol from "TLSv1+TLSv1.1+TLSv1.2" to "TLSv1.2"
Step 5 - Save the changes
Step 6 - Restart the Verba Web Application Service

Encrypted SQL Server communication

Follow the information in the following article: https://support.microsoft.com/en-gb/help/3135244/tls-1-2-support-for-microsoft-sql-server

To enable encrypted communication with the SQL Server in Verba, follow Configuring encryption for database connections