AnsweredAssumed Answered

TLSv1enabled on FileMaker Server after latest macOS Security Update

Question asked by cranstonit on Feb 7, 2018
Latest reply on May 17, 2018 by TSGal

Product and version - FileMaker Server 16.0.3 and 16.0.4

OS and version - macOS 10.12.6 with latest security updates installed (i.e. Apache 2.4.28)

Hardware - MacMini, i7, 16GB of RAM

Description

I have a couple of FileMaker Servers running running FileMaker Server 16 on macOS 10.12.6.   We've discovered that after running the latest security updates for macOS which installs Apache v2.4.28 that our PCI Compliance scans were failing because TLSv1.0 was enabled on the servers. 

 

Before running the macOS security updates TLSv1 was not enabled.  I've been able to reproduce the issue on a test server.

 

Typically, updating the "/conf/extra/httpd-ssl.conf" file to only accept TLSv1.2 connections resolves this issue.  The setting appears to be correct in the FileMaker Server/HTTPServer folder ( SSLProtocol TLSv1.2) and yet apache appears to ignore the setting. 

 

I've tried different settings like ( SSLProtocol all -SSLv2 -SSLv3 -TLSv1) and that did not disable TLSv1.

 

How to replicate -

  1. Install latest macOS Security updates on FileMaker Server running macOS 10.12.6 with FileMaker Server installed and SSL enabled.   
  2. Run TLSv1 test
    1. Terminal Command - openssl s_client -connect <ServerHostName>:443 -tls1
    2. SSL Server Test (Powered by Qualys SSL Labs)

 

Workaround (if any) - None that I'm aware of.

Outcomes