Beruflich Dokumente
Kultur Dokumente
Table of Contents
INTRODUCTION ..................................................................................................................................................... 1
OVERVIEW ................................................................................................................................................... 1
Introduction
Overview
*Originally delayed from April 1 2017*
Starting July 12, 2017, Concur will no longer accept connections to its cloud application that use the TLS
1.0 or SSL 3.0 security encryption protocol. All connections must use TLS 1.1 or higher. This change is
being implemented to close several internet security holes and ensure the Concur platform uses the
latest proven technology to protect client data.
For a vast majority of users and API connections, this change will have absolutely no effect on their
everyday interactions with the Concur application. The latest browser versions and API connections all
support this protocol and will automatically adjust when connecting to the Concursolutions.com
website.
Older browser versions may not support the latest TLS protocol and may need to be reconfigured or
upgraded before a connection will be allowed, most notably Internet Explorer v.7, 8, 9 and 10. IE 7
1
specifically does not offer any support for TLS 1.1 and will need to be upgraded for use with Concur.
Versions 8, 9 and 10 do offer support, but it must be enabled within the browser settings.
Q. What is TLS?
A. Transport Layer Security (TLS) is an encryption protocol which is used to encrypt traffic between a
user’s browser and a server. There are currently three versions of TLS running on the internet. TLS 1.0,
1.1 and 1.2.
2
Q. Which Concur products are affected?
A. All products.
Q. Are there special considerations for those who are using .net framework?
A. For those who are using .net Framework, please verify the version you are using to ensure that it is
patched to support TLS 1.1 and TLS 1.2. There have been multiple clients who were using an older
version of .net framework and had to either upgrade their system or patch their current version.
Q. If Concur still supports Internet Explorer 10, why would you redirect users on TLS 1.0?
A. Consider Internet Explorer (browser) and TLS (encryption protocol) as separate steps to access the
internet. While we continue to support Internet Explorer 10 as a browser, we no longer support one of
the ways (TLS 1.0) that the browser connects to our website. Therefore if a user connects to Concur
using TLS 1.0, we will redirect them starting July 12, 2017.
This report allows the admin to select a browser version and then generate a report listing employees
who are using that browser. The list includes first, last, and login names, last login and login count, and
email and IP addresses for identification.
• Users who are using a newer browser in Compatibility Mode will show up in the report as the
older browser, not the actual current browser. This means your results will include users who
are not affected by this discontinuation.
3
• Users on IE version 8, 9 and 10 who show up in the browser report may still be able to connect
to www.concursolutions.com as long as their browsers are configured to support TLS 1.1 or
higher (see instructions in later section).
• For purposes of TLS 1.0, using a browser such as IE 11 in Compatibility Mode for an older
browser will not be affected by this discontinuation of support. In other words, users using
Compatibility Mode will still be able to connect to www.concursolutions.com after July 12, 2017.
• Unfortunately, it is not possible to accurately identify which users are actually connecting using
TLS 1.0. This is because the TLS version is only available before the user connects to the web site
and logs in.
3. Click Submit.
4
The system returns a list of all users with information about the user, their login name and
status, and additional data to help identify the user(s) working with the selected browser
version.
5
Determining TLS (SSL) version being used by a website
Google Chrome
1. Click on the padlock icon at the left of the address bar to display the connection settings for the
webpage:
2. Select Details
6
3. A developer sidebar will open on the right-hand side of the browser
4. Leaving this sidebar open, reload the page and select https://www.concursolutions.com under
the Main Origin menu item
7
Mozilla Firefox
8
Internet Explorer
The padlock is to the right of the address bar, but it won't help. Instead:
9
Determining which protocol(s) is used by your browser
All browser versions and support for different TLS protocols are listed here:
https://en.wikipedia.org/wiki/Template:TLS/SSL_support_history_of_web_browsers
You will need to determine your browser version, which is usually under the Help About menu.
As long as TLS 1.1 or higher is supported in your particular browser version, the discontinuation of TLS
1.0 will have no effect on your connection to the Concur application/platform.
Internet Explorer
Although these instructions and screenshots are for Internet Explorer (IE) 10, they will work for other
versions of IE.
1. Open IE.
2. In IE, click the Tools symbol (gear) or select the Tools menu and then click Internet Options.
10
3. In the Internet Options window on the Advanced tab, under Settings, scroll down to the
Security section.
4. In the Security section, locate the Use SSL and Use TLS options and uncheck Use TLS 1.0, Use
SSL 3.0 and Use SSL 2.0.
11
5. If they are not already selected, check Use TLS 1.1 and Use TLS 1.2.
6. Next, click Apply and then, click OK.
You have successfully disabled the SSL 3.0 (TLS 1.0) protocol in your IE browser.
Firefox
Although these instructions and screenshots are for Mozilla Firefox 31, they will work for other versions
of Firefox.
1. Open Firefox.
2. In the Location Bar, enter about:config and click the Go to the address in the Location Bar
symbol (arrow).
3. When you receive the “This might void your warranty” message, click I’ll be careful, I promise!.
12
4. On the about:config page, in the Search box, enter tls and wait for the list to populate.
You have successfully disabled the SSL 3.0 (TLS 1.0) protocol in your Firefox browser.
13
Chrome
These instructions and screenshots are for Google Chrome 50 but will work for more recent versions of
Chrome.
Chrome does not have specific options to disable/enable a particular encryption protocol so using
command-line controls is the only option:
2. In the “Create Shortcut” panel, browse to the location of your Chrome installation and
select the Chrome icon – the default location is:
14
3. Add the following command line switch –ssl-version-min=tls1.1 after the item location
(i.e., after the ending quote) to appear thus:
Make sure and separate the switch from the location with a space.
15
4. Name the shortcut (SSL.com suggests giving it a unique name which will remind you that
this shortcut is secure) and click “Finish”.
5. Running Chrome from this shortcut will force the TLS 1.1 protocol in your Chrome
browser.
16