BBPS and Pre TLS 1.2 versions
Options
As TLS 1.2 becomes the standard and part of RE 7.96, is there a time table to stop communicating with earlier versions of TLS?
t
t
Tagged:
0
Comments
-
Jim Freer:
As TLS 1.2 becomes the standard and part of RE 7.96, is there a time table to stop communicating with earlier versions of TLS?
t
Hey Jim,
The PCI Security Standards Council has set a deadline of June 30, 2018 for all payment processors to stop support for processing payments being submitted using vulnerable encryption protocols (SSL and TLS 1.0).
https://blog.pcisecuritystandards.org/migrating-from-ssl-and-early-tls
Blackbaud payment services will need to pick a date that is equal to or earlier than that date to stop supporting these vulnerable encryption protocols. A date has not yet been set and will largely be driven by our payment processing team. I can assure you this will not be an overnight change and will be preceded with an announcement that will be made well before the change is made.
In the meantime, however, I would recommend maing plans to upgrade to a recent version of Rasier's Edge that supports advanced TLS encryption protocols to ensure that the announcement (when it does occur) is a non-event for you and your organzation.
This, of course, is assuming you are self-hosted. If you are a hosted Blackbaud customer, this should not be a concern for you as we have already made the environment changes necessary to ensure that payment processing is being done a way that is as secure as currently possible and future proof.
Thanks,
Jarod
0 -
Jarod Bonino:
Jim Freer:
As TLS 1.2 becomes the standard and part of RE 7.96, is there a time table to stop communicating with earlier versions of TLS?
t
Hey Jim,
The PCI Security Standards Council has set a deadline of June 30, 2018 for all payment processors to stop support for processing payments being submitted using vulnerable encryption protocols (SSL and TLS 1.0).
https://blog.pcisecuritystandards.org/migrating-from-ssl-and-early-tls
Blackbaud payment services will need to pick a date that is equal to or earlier than that date to stop supporting these vulnerable encryption protocols. A date has not yet been set and will largely be driven by our payment processing team. I can assure you this will not be an overnight change and will be preceded with an announcement that will be made well before the change is made.
In the meantime, however, I would recommend maing plans to upgrade to a recent version of Rasier's Edge that supports advanced TLS encryption protocols to ensure that the announcement (when it does occur) is a non-event for you and your organzation.
This, of course, is assuming you are self-hosted. If you are a hosted Blackbaud customer, this should not be a concern for you as we have already made the environment changes necessary to ensure that payment processing is being done a way that is as secure as currently possible and future proof.
Thanks,
JarodHi Jarod,
So is it going to be .Net Framework 4.6 that resovles the TLS issues, or it is additional coding found within RE7.96? In other words, if a client were to upgrade the affected workstations/servers with .Net 4.6 could they conceivably continue to use RE 7.93 or 7.95? Are there compatibility issues between older viersions of RE and the new .Net 4.6?
Cheers,
JP
0 -
Jim,JP Provencal:
Jarod Bonino:
Jim Freer:
As TLS 1.2 becomes the standard and part of RE 7.96, is there a time table to stop communicating with earlier versions of TLS?
t
Hey Jim,
The PCI Security Standards Council has set a deadline of June 30, 2018 for all payment processors to stop support for processing payments being submitted using vulnerable encryption protocols (SSL and TLS 1.0).
https://blog.pcisecuritystandards.org/migrating-from-ssl-and-early-tls
Blackbaud payment services will need to pick a date that is equal to or earlier than that date to stop supporting these vulnerable encryption protocols. A date has not yet been set and will largely be driven by our payment processing team. I can assure you this will not be an overnight change and will be preceded with an announcement that will be made well before the change is made.
In the meantime, however, I would recommend maing plans to upgrade to a recent version of Rasier's Edge that supports advanced TLS encryption protocols to ensure that the announcement (when it does occur) is a non-event for you and your organzation.
This, of course, is assuming you are self-hosted. If you are a hosted Blackbaud customer, this should not be a concern for you as we have already made the environment changes necessary to ensure that payment processing is being done a way that is as secure as currently possible and future proof.
Thanks,
JarodHi Jarod,
So is it going to be .Net Framework 4.6 that resovles the TLS issues, or it is additional coding found within RE7.96? In other words, if a client were to upgrade the affected workstations/servers with .Net 4.6 could they conceivably continue to use RE 7.93 or 7.95? Are there compatibility issues between older viersions of RE and the new .Net 4.6?
Cheers,
JP
I did my best to address this in the webinar content, but I know it's a complicated topic. I'll try to state it as plainly as possible below:
Blackbaud added support for TLS 1.2 encryption in Patch 1 of 7.95. If you are running RE 7.95 patch 1 or later AND you ensure that you have .NET framework 4.6+ installed on your RE server and all workstations, 7.96 won't introduce anything new (in terms of payment processing encryption) and you can be confident that your payment processing is "future proof" for any upcoming payment processing changes for PCI compliance.
If you have an earlier version of The Raiser's Edge installed, however, (7.93 for example) having .NET Framework 4.6 or later intsalled will not change the fact that payment processing done through RE will be using the SSL and/or TLS 1.0 encryption protocols (which are the ones that have been deemed "vulnerable" by the PCI Security Standards Council).
So to answer your question, it's the combination of changes made in RE 7.95, RE 7.95, Patch 1, and .NET framework 4.6 or later that collectively serve as the answer to this problem. We wanted to make it is simple as possible to wrap all that up and simplify it for our self-hosted customers, which is where 7.96 comes in. With 7.96 we will be including .NET Framework 4.6 as a pre-req installation and will fail the RE install if the pre-req is not satisfied. So ultimately, as long as you are able to install RE 7.96 on your server and workstations, you can be sure that your payment processing is as secure and future proof as possible.
I hope this helps!
Thanks,
Jarod1 -
Jarod Bonino:
Jim,JP Provencal:
Jarod Bonino:
Jim Freer:
As TLS 1.2 becomes the standard and part of RE 7.96, is there a time table to stop communicating with earlier versions of TLS?
t
Hey Jim,
The PCI Security Standards Council has set a deadline of June 30, 2018 for all payment processors to stop support for processing payments being submitted using vulnerable encryption protocols (SSL and TLS 1.0).
https://blog.pcisecuritystandards.org/migrating-from-ssl-and-early-tls
Blackbaud payment services will need to pick a date that is equal to or earlier than that date to stop supporting these vulnerable encryption protocols. A date has not yet been set and will largely be driven by our payment processing team. I can assure you this will not be an overnight change and will be preceded with an announcement that will be made well before the change is made.
In the meantime, however, I would recommend maing plans to upgrade to a recent version of Rasier's Edge that supports advanced TLS encryption protocols to ensure that the announcement (when it does occur) is a non-event for you and your organzation.
This, of course, is assuming you are self-hosted. If you are a hosted Blackbaud customer, this should not be a concern for you as we have already made the environment changes necessary to ensure that payment processing is being done a way that is as secure as currently possible and future proof.
Thanks,
JarodHi Jarod,
So is it going to be .Net Framework 4.6 that resovles the TLS issues, or it is additional coding found within RE7.96? In other words, if a client were to upgrade the affected workstations/servers with .Net 4.6 could they conceivably continue to use RE 7.93 or 7.95? Are there compatibility issues between older viersions of RE and the new .Net 4.6?
Cheers,
JP
I did my best to address this in the webinar content, but I know it's a complicated topic. I'll try to state it as plainly as possible below:
Blackbaud added support for TLS 1.2 encryption in Patch 1 of 7.95. If you are running RE 7.95 patch 1 or later AND you ensure that you have .NET framework 4.6+ installed on your RE server and all workstations, 7.96 won't introduce anything new (in terms of payment processing encryption) and you can be confident that your payment processing is "future proof" for any upcoming payment processing changes for PCI compliance.
If you have an earlier version of The Raiser's Edge installed, however, (7.93 for example) having .NET Framework 4.6 or later intsalled will not change the fact that payment processing done through RE will be using the SSL and/or TLS 1.0 encryption protocols (which are the ones that have been deemed "vulnerable" by the PCI Security Standards Council).
So to answer your question, it's the combination of changes made in RE 7.95, RE 7.95, Patch 1, and .NET framework 4.6 or later that collectively serve as the answer to this problem. We wanted to make it is simple as possible to wrap all that up and simplify it for our self-hosted customers, which is where 7.96 comes in. With 7.96 we will be including .NET Framework 4.6 as a pre-req installation and will fail the RE install if the pre-req is not satisfied. So ultimately, as long as you are able to install RE 7.96 on your server and workstations, you can be sure that your payment processing is as secure and future proof as possible.
I hope this helps!
Thanks,
JarodThanks for all the details Jarod, I appreciate it.
As a follow-up question, what would be the minimum version of ancilliary Blackbaud software like NetCommunity, Finaical Edge ect. that would be reqruied to meet the TLS 1.2 protocols?
Cheers,
JP
0 -
JP Provencal:
Jarod Bonino:
Jim,JP Provencal:
Jarod Bonino:
Jim Freer:
As TLS 1.2 becomes the standard and part of RE 7.96, is there a time table to stop communicating with earlier versions of TLS?
t
Hey Jim,
The PCI Security Standards Council has set a deadline of June 30, 2018 for all payment processors to stop support for processing payments being submitted using vulnerable encryption protocols (SSL and TLS 1.0).
https://blog.pcisecuritystandards.org/migrating-from-ssl-and-early-tls
Blackbaud payment services will need to pick a date that is equal to or earlier than that date to stop supporting these vulnerable encryption protocols. A date has not yet been set and will largely be driven by our payment processing team. I can assure you this will not be an overnight change and will be preceded with an announcement that will be made well before the change is made.
In the meantime, however, I would recommend maing plans to upgrade to a recent version of Rasier's Edge that supports advanced TLS encryption protocols to ensure that the announcement (when it does occur) is a non-event for you and your organzation.
This, of course, is assuming you are self-hosted. If you are a hosted Blackbaud customer, this should not be a concern for you as we have already made the environment changes necessary to ensure that payment processing is being done a way that is as secure as currently possible and future proof.
Thanks,
JarodHi Jarod,
So is it going to be .Net Framework 4.6 that resovles the TLS issues, or it is additional coding found within RE7.96? In other words, if a client were to upgrade the affected workstations/servers with .Net 4.6 could they conceivably continue to use RE 7.93 or 7.95? Are there compatibility issues between older viersions of RE and the new .Net 4.6?
Cheers,
JP
I did my best to address this in the webinar content, but I know it's a complicated topic. I'll try to state it as plainly as possible below:
Blackbaud added support for TLS 1.2 encryption in Patch 1 of 7.95. If you are running RE 7.95 patch 1 or later AND you ensure that you have .NET framework 4.6+ installed on your RE server and all workstations, 7.96 won't introduce anything new (in terms of payment processing encryption) and you can be confident that your payment processing is "future proof" for any upcoming payment processing changes for PCI compliance.
If you have an earlier version of The Raiser's Edge installed, however, (7.93 for example) having .NET Framework 4.6 or later intsalled will not change the fact that payment processing done through RE will be using the SSL and/or TLS 1.0 encryption protocols (which are the ones that have been deemed "vulnerable" by the PCI Security Standards Council).
So to answer your question, it's the combination of changes made in RE 7.95, RE 7.95, Patch 1, and .NET framework 4.6 or later that collectively serve as the answer to this problem. We wanted to make it is simple as possible to wrap all that up and simplify it for our self-hosted customers, which is where 7.96 comes in. With 7.96 we will be including .NET Framework 4.6 as a pre-req installation and will fail the RE install if the pre-req is not satisfied. So ultimately, as long as you are able to install RE 7.96 on your server and workstations, you can be sure that your payment processing is as secure and future proof as possible.
I hope this helps!
Thanks,
JarodThanks for all the details Jarod, I appreciate it.
As a follow-up question, what would be the minimum version of ancilliary Blackbaud software like NetCommunity, Finaical Edge ect. that would be reqruied to meet the TLS 1.2 protocols?
Cheers,
JPJust realized that there was a follow up question here that I had not responded to. Sorry about that JP. I would have to defer this question to those closer to the roadmaps and functions of each individual Blackbaud product. I do think it's fair game to post this question in those individual communities though.
Thanks,
Jarod
0
Categories
- All Categories
- Shannon parent
- shannon 2
- shannon 1
- 21 Advocacy DC Users Group
- 14 BBCRM PAG Discussions
- 89 High Education Program Advisory Group (HE PAG)
- 28 Luminate CRM DC Users Group
- 8 DC Luminate CRM Users Group
- Luminate PAG
- 5.9K Blackbaud Altru®
- 58 Blackbaud Award Management™ and Blackbaud Stewardship Management™
- 409 bbcon®
- 2.1K Blackbaud CRM™ and Blackbaud Internet Solutions™
- donorCentrics®
- 1.1K Blackbaud eTapestry®
- 2.8K Blackbaud Financial Edge NXT®
- 1.1K Blackbaud Grantmaking™
- 527 Education Management Solutions for Higher Education
- 1 JustGiving® from Blackbaud®
- 4.6K Education Management Solutions for K-12 Schools
- Blackbaud Luminate Online & Blackbaud TeamRaiser
- 16.4K Blackbaud Raiser's Edge NXT®
- 4.1K SKY Developer
- 547 ResearchPoint™
- 151 Blackbaud Tuition Management™
- 1 YourCause® from Blackbaud®
- 61 everydayhero
- 3 Campaign Ideas
- 58 General Discussion
- 115 Blackbaud ID
- 87 K-12 Blackbaud ID
- 6 Admin Console
- 949 Organizational Best Practices
- 353 The Tap (Just for Fun)
- 235 Blackbaud Community Feedback Forum
- 55 Admissions Event Management EAP
- 18 MobilePay Terminal + BBID Canada EAP
- 36 EAP for New Email Campaigns Experience in Blackbaud Luminate Online®
- 109 EAP for 360 Student Profile in Blackbaud Student Information System
- 41 EAP for Assessment Builder in Blackbaud Learning Management System™
- 9 Technical Preview for SKY API for Blackbaud CRM™ and Blackbaud Altru®
- 55 Community Advisory Group
- 46 Blackbaud Community Ideas
- 26 Blackbaud Community Challenges
- 7 Security Testing Forum
- 1.1K ARCHIVED FORUMS | Inactive and/or Completed EAPs
- 3 Blackbaud Staff Discussions
- 7.7K ARCHIVED FORUM CATEGORY [ID 304]
- 1 Blackbaud Partners Discussions
- 1 Blackbaud Giving Search™
- 35 EAP Student Assignment Details and Assignment Center
- 39 EAP Core - Roles and Tasks
- 59 Blackbaud Community All-Stars Discussions
- 20 Blackbaud Raiser's Edge NXT® Online Giving EAP
- Diocesan Blackbaud Raiser’s Edge NXT® User’s Group
- 2 Blackbaud Consultant’s Community
- 43 End of Term Grade Entry EAP
- 92 EAP for Query in Blackbaud Raiser's Edge NXT®
- 38 Standard Reports for Blackbaud Raiser's Edge NXT® EAP
- 12 Payments Assistant for Blackbaud Financial Edge NXT® EAP
- 6 Ask an All Star (Austen Brown)
- 8 Ask an All-Star Alex Wong (Blackbaud Raiser's Edge NXT®)
- 1 Ask an All-Star Alex Wong (Blackbaud Financial Edge NXT®)
- 6 Ask an All-Star (Christine Robertson)
- 21 Ask an Expert (Anthony Gallo)
- Blackbaud Francophone Group
- 22 Ask an Expert (David Springer)
- 4 Raiser's Edge NXT PowerUp Challenge #1 (Query)
- 6 Ask an All-Star Sunshine Reinken Watson and Carlene Johnson
- 4 Raiser's Edge NXT PowerUp Challenge: Events
- 14 Ask an All-Star (Elizabeth Johnson)
- 7 Ask an Expert (Stephen Churchill)
- 2025 ARCHIVED FORUM POSTS
- 322 ARCHIVED | Financial Edge® Tips and Tricks
- 164 ARCHIVED | Raiser's Edge® Blog
- 300 ARCHIVED | Raiser's Edge® Blog
- 441 ARCHIVED | Blackbaud Altru® Tips and Tricks
- 66 ARCHIVED | Blackbaud NetCommunity™ Blog
- 211 ARCHIVED | Blackbaud Target Analytics® Tips and Tricks
- 47 Blackbaud CRM Higher Ed Product Advisory Group (HE PAG)
- Luminate CRM DC Users Group
- 225 ARCHIVED | Blackbaud eTapestry® Tips and Tricks
- 1 Blackbaud eTapestry® Know How Blog
- 19 Blackbaud CRM Product Advisory Group (BBCRM PAG)
- 1 Blackbaud K-12 Education Solutions™ Blog
- 280 ARCHIVED | Mixed Community Announcements
- 3 ARCHIVED | Blackbaud Corporations™ & Blackbaud Foundations™ Hosting Status
- 1 npEngage
- 24 ARCHIVED | K-12 Announcements
- 15 ARCHIVED | FIMS Host*Net Hosting Status
- 23 ARCHIVED | Blackbaud Outcomes & Online Applications (IGAM) Hosting Status
- 22 ARCHIVED | Blackbaud DonorCentral Hosting Status
- 14 ARCHIVED | Blackbaud Grantmaking™ UK Hosting Status
- 117 ARCHIVED | Blackbaud CRM™ and Blackbaud Internet Solutions™ Announcements
- 50 Blackbaud NetCommunity™ Blog
- 169 ARCHIVED | Blackbaud Grantmaking™ Tips and Tricks
- Advocacy DC Users Group
- 718 Community News
- Blackbaud Altru® Hosting Status
- 104 ARCHIVED | Member Spotlight
- 145 ARCHIVED | Hosting Blog
- 149 JustGiving® from Blackbaud® Blog
- 97 ARCHIVED | bbcon® Blogs
- 19 ARCHIVED | Blackbaud Luminate CRM™ Announcements
- 161 Luminate Advocacy News
- 187 Organizational Best Practices Blog
- 67 everydayhero Blog
- 52 Blackbaud SKY® Reporting Announcements
- 17 ARCHIVED | Blackbaud SKY® Reporting for K-12 Announcements
- 3 Luminate Online Product Advisory Group (LO PAG)
- 81 ARCHIVED | JustGiving® from Blackbaud® Tips and Tricks
- 1 ARCHIVED | K-12 Conference Blog
- Blackbaud Church Management™ Announcements
- ARCHIVED | Blackbaud Award Management™ and Blackbaud Stewardship Management™ Announcements
- 1 Blackbaud Peer-to-Peer Fundraising™, Powered by JustGiving® Blogs
- 39 Tips, Tricks, and Timesavers!
- 56 Blackbaud Church Management™ Resources
- 154 Blackbaud Church Management™ Announcements
- 1 ARCHIVED | Blackbaud Church Management™ Tips and Tricks
- 11 ARCHIVED | Blackbaud Higher Education Solutions™ Announcements
- 7 ARCHIVED | Blackbaud Guided Fundraising™ Blog
- 2 Blackbaud Fundraiser Performance Management™ Blog
- 9 Foundations Events and Content
- 14 ARCHIVED | Blog Posts
- 2 ARCHIVED | Blackbaud FIMS™ Announcement and Tips
- 59 Blackbaud Partner Announcements
- 10 ARCHIVED | Blackbaud Impact Edge™ EAP Blogs
- 1 Community Help Blogs
- Diocesan Blackbaud Raiser’s Edge NXT® Users' Group
- Blackbaud Consultant’s Community
- Blackbaud Francophone Group
- 1 BLOG ARCHIVE CATEGORY
- Blackbaud Community™ Discussions
- 8.3K Blackbaud Luminate Online® & Blackbaud TeamRaiser® Discussions
- 5.7K Jobs Board