IMS to deprecate TLS 1.0 and 1.1 as of July 18, 2020

You must update CONNECTION Client versions 10.0.7.30 and older

Announcement:

Update:  Effective July 18, 2020, Transport Layer Security (TLS) 1.0 and 1.1 will no longer be supported by Bentley’s identity management system (IMS).

If you are using a version of CONNECTION Client that is 10.0.7.30 or older, you must upgrade your users to the latest CONNECTION Client (version 10.00.17.10 or later) prior to the effective date to ensure continuity of Bentley applications.  A direct notification will be sent to users who have not upgraded the week of November 25, 2019.

The CONNECTION Client can be updated from within the app itself by navigating to Applications on the main screen of the CONNECTION Client and then selecting the CONNECTION Client Update, as well as downloaded from the Bentley Store or Bentley Software Downloads.  

Ensuring that users are running the latest version of Bentley applications, including the CONNECTION Client, is the best way to avoid service interruptions. 

Frequently Asked Questions:

1) What behavior should I expect if I do not upgrade the CONNECTION Client?

Users may see slightly different messages/workflows presented to them depending on their environment, but users will either not be provided the fields to enter their username and password or once they attempt to sign-in the process will not complete. For applications with the Subscription Entitlement Service enabled, user sign-in through the CONNECTION Client is required.   

2) Will my current applications be impacted?

The CONNECTION Client provides a single sign on experience for most Bentley desktop applications and facilitates sign-in for applications that are licensed via the Bentley’s Subscription Entitlement Service.  If you use CONNECTION Client versions 10.0.7.30 or older and sign in fails, then you will not be able to access any of these applications as version 10.0.7.30 or older do not support TLS 1.2. 

3) Which version should I upgrade to?

Upgrade to the latest available version. 10.00.17.10 (or later, if available)

4) Why are you deprecating TLS 1.0 and 1.1?

The deprecation of TLS 1.0 and 1.1 support is in alignment with industry best practice. These protocols do not support modern cryptographic algorithms and contain security vulnerabilities that may be exploited by attackers.  See this article from Microsoft for additional information. 

5) What other factors could result in user impacts?

• Operating Systems: Per Microsoft, Windows 8.1 and later versions of Windows natively support TLS 1.2 for client-server communications over WinHTTP.  Earlier versions of Windows, such as Windows 7 prior to SP1, don’t enable TLS 1.2 by default for client-server communications through HTTPS.  Any version of the CONNECTION Client or other application enabling IMS sign-in on running on these earlier versions of Windows will cease to function after Bentley disables TLS 1.0 and 1.1.  Please consult with Microsoft for instructions on how to update older versions of Windows to support TLS 1.2.
• Browser Versions: Modern web browsers support TLS 1.2.  If you encounter problems with accessing your Bentley web applications, please verify your browser supports TLS 1.2. 

If you have further questions, please raise a help request here.