Effective from 30 November 2023,  Freshservice will be changing its transport layer security controls to allow only TLS 1.2 Strong cipher suites. This update will ensure enhanced data security when accessing Freshservice via various clients.


Described below is the compatibility across Desktop Browsers and Mobile Operating Systems.

 

Browser compatibility

  • Chrome/Firefox/Safari/Edge: Latest 2 versions


To verify your browser compatibility with TLS 1.2 strong cipher suites 

What happens if the update is not performed?

To ensure uninterrupted access to Freshservice, please upgrade your browser to the latest version. Failure to do so may result in your inability to access Freshservice through your current browser.

 



API compatibility

  • Set up an API client in a test environment. This could be any software that you are using to integrate to Freshservice or any custom integration code that you have written.
  • In that test environment, change the API client's endpoint hostname from yourdomain.freshservice.com to tlstest.freshservice.com.
  • If you see a '403 Forbidden' status with the message 'You are not authorized to perform this action.', then this test is passed. This response means that the underlying TLS connection was successful.
  • If you instead see an SSL error message with a handshake failure, then the test has failed. Your API client will require adjustments or upgrades. Please check your client's documentation on how to upgrade to TLS 1.2 strong cipher support. 


Discovery Probe and Windows Agent installed devices compatibility.


To ensure uninterrupted discovery of assets due to the TLS 1.2 Strong cipher suites, it is essential to update the discovery tools running on older versions of Windows OS.

Note: This update does not apply to Mac and Linux systems.

Affected Versions:

The Strong cipher suites update affects the following Windows OS versions:


Windows 7

Windows 8

Windows 8.1

Windows Server 2008

Windows Server 2008 R2

Windows Server 2012

Windows Server 2012 R2

Action to be taken:

To access Freshservice using the above Windows OS versions that utilize weak cipher, it is essential to upgrade the Discovery probe and the Windows agent to the latest release versions. 


Discovery Probe: Version  5.0.0

Windows Agent: Version 3.0.0

Updating the Discovery Tools:

There are two possible scenarios for updating the discovery tools.

Auto-update Enabled: The Discovery auto-update schedule will automatically update the discovery probe and agent to the latest versions, ensuring a seamless transition without manual intervention.

Auto-update Disabled: If the auto-update schedule is disabled on your machines, manual updates are required. Follow the steps below to update the discovery tools manually.

Note: Please note that there are situations where the auto-update feature may be (unintentionally) disabled. This can occur due to factors such as insufficient privileges, incorrect system configurations, or the machine being turned off.

a. Discovery Probe: Download and install the latest version of the Discovery probe (version 5.0.0)  following this guide.

b. Windows Agent: Similarly, download and install the latest version of the Windows agent (version 3.0.0) specifically for Windows operating systems following this guide.

Domain whitelisting

If a firewall policy or proxy is enabled in the environment, it is important to whitelist specific domains based on regions.




What happens if the update is not performed?

To avoid any disruption in asset discovery, it is essential to update both the Discovery probe and the Windows agent before the deprecation deadline. Failure to update may result in halting asset discovery on devices running in older Windows OS versions. 


If you've got any additional queries, drop a mail to support@freshservice.com.