Product and version - FileMaker Server 16.0.3 and 16.0.4
OS and version - macOS 10.12.6 with latest security updates installed (i.e. Apache 2.4.28)
Hardware - MacMini, i7, 16GB of RAM
I have a couple of FileMaker Servers running FileMaker Server 16 on macOS 10.12.6. We've discovered that after running the latest security updates for macOS, which install Apache v2.4.28, our PCI Compliance scans were failing because TLSv1.0 was enabled on the servers.
Before running the macOS security updates TLSv1 was not enabled. I've been able to reproduce the issue on a test server.
Typically, updating the "/conf/extra/httpd-ssl.conf" file to only accept TLSv1.2 connections resolves this issue. The setting appears to be correct in the FileMaker Server/HTTPServer folder (SSLProtocol TLSv1.2) and yet Apache appears to ignore the setting.
I've tried different settings like (SSLProtocol all -SSLv2 -SSLv3 -TLSv1) and that did not disable TLSv1.
How to replicate -
- Install latest macOS Security updates on FileMaker Server running macOS 10.12.6 with FileMaker Server installed and SSL enabled.
- Run TLSv1 test
- Terminal Command - openssl s_client -connect <ServerHostName>:443 -tls1
- SSL Server Test (Powered by Qualys SSL Labs)
Workaround (if any) - None that I'm aware of.
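A check that fits this report, added here as an example and not part of the original post: list every SSLProtocol directive found in a set of Apache configuration files and compute which protocols each one enables, so that any directive still allowing something other than TLSv1.2 stands out. The token handling follows mod_ssl's left-to-right +/-/bare-name evaluation; the meaning of "all", the sample configuration text and the file name other-vhost.conf are assumptions constructed for the example.

```python
import re

# Assumption: "all" means TLSv1 + TLSv1.1 + TLSv1.2 (OpenSSL built without SSLv3).
ALL = {"TLSv1", "TLSv1.1", "TLSv1.2"}
KNOWN = {p.lower(): p for p in ALL | {"SSLv3"}}
DIRECTIVE = re.compile(r"^\s*SSLProtocol\s+(.+?)\s*$", re.IGNORECASE)

# Constructed sample input; the second file name is hypothetical.
SAMPLE = {
    "httpd-ssl.conf": "Listen 443\nSSLProtocol TLSv1.2\n",
    "other-vhost.conf": "<VirtualHost *:443>\n  # SSLProtocol TLSv1.2\n"
                        "  SSLProtocol all -SSLv2 -SSLv3\n</VirtualHost>\n",
}


def effective_protocols(args):
    """Evaluate SSLProtocol arguments left to right, as mod_ssl does."""
    enabled = set()
    for token in args.split():
        action = token[0] if token[0] in "+-" else ""
        name = (token[1:] if action else token).lower()
        if name == "sslv2":
            continue  # SSLv2 no longer exists in Apache 2.4; "-SSLv2" changes nothing
        if name == "all":
            group = set(ALL)
        elif name in KNOWN:
            group = {KNOWN[name]}
        else:
            raise ValueError(f"unknown protocol token {token!r}")
        if action == "-":
            enabled -= group
        elif action == "+":
            enabled |= group
        else:
            enabled = group  # a bare token replaces whatever was set before it
    return enabled


def audit(configs):
    """configs maps path -> text. Returns (path, line, enabled, not_tls12) per directive."""
    findings = []
    for path, text in configs.items():
        for line_no, line in enumerate(text.splitlines(), 1):
            match = DIRECTIVE.match(line)  # commented-out directives do not match
            if match:
                enabled = effective_protocols(match.group(1))
                findings.append((path, line_no, sorted(enabled), sorted(enabled - {"TLSv1.2"})))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To use it on a real server, build the dictionary from the contents of the configuration files Apache actually loads instead of SAMPLE.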