The Filr 3.3 release comes with a very important capability that is going to enable Filr deployments to become very secure going forward. The capability I am talking about here is the support of TLSv1.2 protocol.
As of the Filr 3.2 release, the TLSv1.2 support was introduced on the Filr endpoints. By endpoints I mean the various clients – web clients, Android and iOS mobile clients, and Windows and Mac Desktop Client. This enabled the Filr clients to use TLSv1.2 protocol where ever possible. An additional benefit with the inclusion of this capability on the clients is that the Filr clients integrate seamlessly in environments that are TLSv1.2 enforced. We found that the latest NAM environment has TLSv1.2 enforced by default. The latest version of Filr will seamlessly integrate with NAM.
With Filr 3.3, this capability goes one notch up. The TLSv1.2 protocol can now be enabled on the Filr Server side as well. This is a configuration that will be available to the Filr Administrators from the Filr 3.3 release onwards. Filr Administrators should ensure that all the clients in their enterprise are at the latest version, at least Filr 3.2 release before enabling this option. Hence the capability is positioned as a configuration option.
The setting of the TLSv1.2 protocol on the Filr server side can be done at the Filr Appliance Administration portal which is accessible at https://filr:9443.
The screen shot below shows the configuration option:
To access this option, after logging into the Filr Appliance Administration portal, go to Filr Configuration -> Network Tab. In the Network Tab, the last option allows enabling TLSv1.2 protocol. Please note that once this option is enabled, then the ONLY TLS procotol supported is TLS v1.2. Both the TLSv1 and TLSv1.1 protocols are disabled.
The configuration option has the supporting text appended to it, which helps the Filr Administrator decide when to enable this option. Please note, this option should be enabled on every Filr Appliance server. Mixed mode of the appliances should work fine but it is recommended to enable this option (whenever possible) on all the Filr Appliances all at once.
With the configuration enabled between the Filr clients and server, a lot of vulnerabilities are taken care of (like the BEAST vulnerability). Also the security rating of the product deployment with the configuration turned on gets greatly enhanced.
This configuration option is not applicable to the Filr Search and MySQL appliance shipped with the Filr product.
Hope to see a quick adoption of this capability.