API & Integrations - Legacy TLS End Of Life - Jun 2022

Service Update

Availability: September 12th, 2022
Product(s): Mimecast Synchronization Engine and End User Apps
Who's affected

Users of: 

  • Email Security Cloud Gateway
  • Mimecast Synchronization Engine (MSE)
  • Mimecast Security Agent (MSA)

Overview

Mimecast is pleased to announce the removal of support for legacy TLS versions. The Mimecast API will no longer accept connections using these legacy TLS protocols:

      • TLS v1.0
      • TLS v1.1

This is part of our continuous security enhancement initiative to keep our customer data secure in transit. If TLS 1.0 or 1.1 activity is still being reported on your account (or you experience issues following the EOL date), please ensure your firewall and/or proxy supports TLS 1.2 and is not downgrading the protocol to TLS 1.0 or 1.1 when connecting to the Mimecast API. 

What's changing

The following Mimecast applications will be impacted if prompt action is not taken: 

      • Mimecast Synchronization Engine
        • v4.x
      • API Integrations 
        • Custom built integrations 

Guidance on what needs to be done concerning each category of impacted applications has been included in this communication. 

Recommended actions 

API Integrations - Custom built API integrations 

Customers with custom-built integrations should have them reviewed to ensure that they will be able to communicate with the Mimecast API using TLS v1.2 before September 12th, 2022.

Mimecast Synchronization Engine

Customers running instances of MSE below v4.5.0.442 should follow these guidelines to ensure TLS 1.2 support has been enabled for the Mimecast Synchronization Engine before September 12th, 2022.

  1. Check the version of MSE that is currently installed: 
        • Open the Site Configure utility on the server where MSE is installed.
        • Click the Site tab. The tab will display the version information.
        • If below v4.5.0.442, the instance needs to be updated. 
  2. .NET Framework 4.5.1 must be installed before installing MSE v4.5.0.442:
        • Download the latest version of MSE v4 from here.
        • Install or upgrade all instances of MSE.
        • On each MSE server, stop the Mimecast Synchronization Engine service: 
          • Create a global.ini file in the C:\ProgramData\MimecastSynchronisationEngine\State directory.
          • Add the below text to the global.ini file and save the file: Mse.Core.Bridge.SecurityProtocol=3072
        • Start the Mimecast Synchronization Engine service. 
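
An added example (not Mimecast code): a Python check that reads the contents of a global.ini and reports whether the Mse.Core.Bridge.SecurityProtocol value enables TLS 1.2 without any legacy protocol. It assumes MSE interprets the number as .NET's System.Net.SecurityProtocolType flags, in which 3072 is Tls12; the function names and the sample file contents are constructed for illustration.

```python
# Added example: audit the TLS setting in an MSE global.ini.
# Assumption: the value is a System.Net.SecurityProtocolType flags integer.
PROTOCOLS = {"Ssl3": 48, "Tls": 192, "Tls11": 768, "Tls12": 3072, "Tls13": 12288}
LEGACY = {"Ssl3", "Tls", "Tls11"}  # "Tls" is TLS 1.0 in the .NET enum
KEY = "Mse.Core.Bridge.SecurityProtocol"  # key name from the article


def decode(value):
    """Return the protocol names whose flag bits are all set in value."""
    return [name for name, bits in PROTOCOLS.items() if value & bits == bits]


def audit_global_ini(text):
    """Return (status, detail) for the contents of one global.ini file."""
    found = None
    for raw in text.splitlines():
        # Editors on Windows may prepend a UTF-8 BOM; drop it before matching.
        name, sep, val = raw.lstrip("\ufeff").partition("=")
        if sep and name.strip() == KEY:
            found = val.strip()  # assumption: a later duplicate overrides
    if found is None:
        return ("MISSING", KEY + " is not set")
    if not found.isdigit():
        return ("INVALID", "non-numeric value " + repr(found))
    enabled = decode(int(found))
    legacy = [p for p in enabled if p in LEGACY]
    if legacy:
        return ("LEGACY", "enables legacy " + ", ".join(legacy))
    if "Tls12" not in enabled:
        return ("NO_TLS12", "TLS 1.2 is not enabled")
    return ("OK", "enables " + ", ".join(enabled))


if __name__ == "__main__":
    # Constructed sample file contents, not taken from real servers.
    samples = {
        "as documented": "Mse.Core.Bridge.SecurityProtocol=3072\n",
        "UTF-8 BOM, CRLF": "\ufeffMse.Core.Bridge.SecurityProtocol=3072\r\n",
        "legacy bits set": "Mse.Core.Bridge.SecurityProtocol=4032\n",
        "enum name used": "Mse.Core.Bridge.SecurityProtocol=Tls12\n",
        "empty file": "",
    }
    for label, text in samples.items():
        print(label, "->", audit_global_ini(text))
```

A value such as 4032 sets the Tls12 bits together with the TLS 1.0 and 1.1 bits, so it is reported as LEGACY rather than OK.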

The MSE error that will be printed to the app's logs if no action is taken before September 12th, 2022, will show as follows:

System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host. ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host

Mimecast Security Agent for Windows 

Customers running instances of Mimecast Security Agent for Windows v1.6 and below should follow the below guidance to ensure continued operation of the Mimecast Security Agent for Windows before September 12th, 2022. Following this date, these application versions will no longer function. 

  1. Check the version installed: 
      • Log in to the Mimecast Administration Console.
      • Navigate to Web Security | Protected Devices.
      • The Agent Version column will display the version installed. 
  2. Upgrade to the newest version of the Mimecast Security Agent to keep your users and their devices safe against web threats. 

The MSA error that will be printed to the app's logs if no action is taken before September 12th, 2022, will show as follows:

WARN  ExecuteRequest - swg/get-endpoint-certificate - Unable to get response. The underlying connection was closed: An unexpected error occurred on a send. - ID: 74C2405F-62FD-4B27-B34C-591A36975696 - Retry (6/6) - Delaying for 32 seconds (Api.Services.Frameworks.Communication.CommunicationAgent)

INFO ExecuteRequest - swg/get-endpoint-certificate - ID: C40DF594-451F-42BB-B08A-6C426957CCDE for uri: https://xx-api.mimecast.com/api/swg/get-endpoint-certificate (Api.Services.Frameworks.Communication.CommunicationAgent)

ERROR GetEndpointCertificate - Nullable object must have a value. (Api.Services.Frameworks.Communication.CommunicationAgent)

The Web Security web proxy will no longer support TLS 1.0/1.1 as part of the Legacy TLS EOL.
