In accordance with the industry-wide effort to deprecate support for older Transport Layer Security (TLS) versions 1.0 and 1.1 in favor of TLS 1.2, we want to communicate the impact this change will have to the ProjectWise products and cloud services, as well as the necessary steps required for a seamless transition for your user community.
Please take a moment now to review the notification in the Subscription Services Portal.
Can you help clarify a few points?
What does – ‘Impact Date: Second half of 2020’ mean? 1st July or 31st December? Now more than ever during Covid-19 we need accurate deadlines and timeframes from Bentley to plan our workforces priorities.
For server patch/upgrade we are MAS hosted so should be no issue for us, is there any requirement to patch cache servers? I would guess not as they are not handling authentication and the bulletin only mentions ‘Integration’ servers. Please could you confirm.
For client patch/upgrade the bulletin mentions “The following application versions natively support TLS 1.2 and require no action”, only “ProjectWise Explorer Update 3.2 (10.00.03.280)” is mentioned, this implies to me that all other Explorer builds require action. However, later the bulletin say “Patch Existing ProjectWise Explorer Installations 10.00.03.140 or earlier” then goes on to further contradict itself and say “Note that these steps are only needed if you are using the connected project functionality (e.g., associating a work area to a ProjectWise project) in a version earlier than 101.00.03.262”. So what does that mean for 10.00.03.167 which came in between these builds?
So is it anything earlier than 10.00.03.280, or is it earlier than 10.00.03.262 or is it earlier than 10.00.03.140? Can you please clarify this, it appears to have been written as some sort of riddle to solve.
Thank you for the feedback. I understand "second half" of 2020 is vague however a specific date was not set. Our goal in communicating this to you now was we felt it was important to get this information out sooner rather than waiting for the deadline to be confirmed by the cloud services platform team. Rest assured as soon as the PW team has a specific date from our platform team, we will will share it with the ProjectWise user community with a goal to provide you with adequate time to respond.
As an industry best practice, I would recommend patching your Caching servers so they use the higher TLS version. The older versions are considered less secure and many other vendors are also deprecating support for older the older TLS version therefore 1.2 is recommended for PW Caching servers. For the confusing around versions, 03.280 is a replacement of 03.271 so anywhere 03.280 is mentioned, it would also mean 03.271. The 10.00.03.167 release is part of the Update 3.1 release, 10.00.03.167, so it would need to be patched where integration with cloud services is also used.
The reason all three versions are references is that different changes in TLS were made in different areas with each release. The 03.262 version did not have the updated DMSManagedHost.exe.config but the 03.271/03.280 versions do. Whereas the 03.262 version has an updated dmskrnl.exe.config but the 03.140 did not and that version also needs the updated DMSManagedhost.exe.config. Would it be useful if I made a chart? The intent was to make it as clear and succinct as possible, not create a riddle. I apologize for the confusion. Please feel free to reach out directly with any other questions or concern.
Here is additional information about industry support for older TLS versions:
So any client < 03.271/03.280 should be patched to ensure all features will use TLS 1.2?