Archived AnnouncementsBack to Announcements Page
We want to inform you that Druva will end support for SSLv3 and TLS 1.0, and revoke expired root certificates in the trust store on AD Connector and Cloud Cache clients on May 01, 2017 at 9:30 AM PDT (17:30 UTC). Why is Druva making this change? As you may be aware, SSLv3 and TLS 1.0 are now obsolete and known to have several security vulnerabilities. IETF, as well as several government agencies and global compliance regulations have mandated that SSLv3 and TLS 1.0 must not be used. In line with the best security practices, the latest inSync Clients use TLS 1.1 or higher for secure communication. In line with our commitment to always ensure confidentiality and integrity of customer data, Druva is ending support for SSLv3 and TLS 1.0 protocols. In addition, Druva is also taking this opportunity to upgrade the root certificates to one signed using a SHA-256 hash to ensure enhanced security. inSync Client, AD Connector, and Cloud Cache versions 5.8 and above have root certificates that use the SHA-256 hash. What is the impact of this security enhancement?
It is critical that you take the following action immediately:
Important Note: If the inSync Client version is lower than 5.4.2, you have to first manually upgrade the client to version 5.4.2, and then you have the option to auto-upgrade or manually upgrade to version 5.9. If the inSync Client version is 5.4.2 or higher, you have the option to either auto-upgrade or manually upgrade the client to version 5.9. Where can I access the upgrade matrix and supporting documentation? You can access the upgrade matrix and other detailed information in the inSync Client Upgrade Kit. Druva Support As always, we appreciate your business and should you need any further assistance, you can open a case with Support from support.druva.com. As per Druva's end-of-life (EOL) policy, Druva discontinues versions of inSync Client that are more than 15 months old. To learn more click here. |