Changes to TLS protocol

Microsoft and other leading browser makers – Apple, Google and Mozilla – deprecated Transport Layer Security (TLS) 1.0 and 1.1 in their browsers in 2018 and have completely disabled these versions from late 2020.

What is TLS?
Transport Layer Security is an encryption protocol designed to offer end-to-end security for web-based communications. TLS 1.0 and TLS 1.1 are ancient protocols, released in 1996 and 2006, respectively.

The protocols use weak cryptographic algorithms and are vulnerable to a series of cryptographic attacks that have been disclosed over the past two decades.

At AMC Consult A/S we are committed to providing the best security for our customers and that is why with our coming version of XTendLink (v233) we will follow industry standards and disable support for TLS 1.0 and TLS 1.1.

This means that when XTendLink v233 is released it will only be supporting TLS 1.2 and customers who have not updated their software recently might experience problems calling our webservice.

Please find below if you need to make any changes to your ERP system in order to ensure you will not face any problems using XTendLink in the future.

For Microsoft Dynamics AX:
As part of this security update, you will be affected if you have Banking or Direct Debit for any of the following products
Microsoft Dynamics AX 4.0
Microsoft Dynamics AX 2009
Microsoft Dynamics AX 2012
Microsoft Dynamics AX 4.0 and 2009:

Both Microsoft Dynamics AX 4.0 and 2009 versions use the ServerXTLHTTP.6.0 and the WinHttp components for secure communication between your AX environment and our cloud services. Your AX environment is currently using the deprecated TLS 1.0 protocol or older. To ensure that the newest TLS 1.2 protocol is used instead, you will need to update you Windows, install the latest .NET framework version and ensure your WinHttp component uses the TLS 1.2 as default protocol.

As this is a standard Windows component, your Banking and/or Direct debit will not need to be updated, in order to comply with the new security regulations.

For more information, the Microsoft article below, describes the issue and how this is solved.
https://support.microsoft.com/en-us/help/3140245/update-to-enable-tls-1-1-and-tls-1-2-as-default-secure-protocols-in-wi

Microsoft Dynamics AX 2012:
Microsoft Dynamics AX 2012 uses a native SOAP component, which is deployed server-side as a DLL in the VSAssemblies folder of the AOS server(s). This DLL is built based on the code in the AMC Banking 2012 Foundation model, so to get the new version that enforces the TLS 1.2 component, you will need to update your Banking installation to 2012.7.1.0 or higher. Alternatively, you can follow the steps presented for AX 2009 above to get your ERP working with the TLS 1.2 protocol.

Microsoft Dynamics 365 for Finance and Operations:
Is not affected, because D365FO already uses the TLS 1.2 protocol as default. Nevertheless, we recommend keeping both D365FO as well as our Banking solution updated at all time.

For Microsoft Dynamics NAV:
As part of this security update, you will be affected, if you are using “Bank Data Conversion Service” for any of the following products
Microsoft Dynamics NAV 2015
Microsoft Dynamics NAV 2016
Microsoft Dynamics NAV 2017


Microsoft Dynamics NAV 2015/2016/2017:
All three Microsoft Dynamics NAV versions use dotnet components for secure communication between your NAV environment and our cloud services. You will need to update your Microsoft Dynamics NAV 2015/2016/2017 to its respective Microsoft Cumulative Update to ensure that TLS 1.2 is used as a default protocol.

To find out which Cumulative Update is the correct one for your NAV, please check the Microsoft article below:
https://cloudblogs.microsoft.com/dynamics365/no-audience/2018/12/06/how-to-get-earlier-versions-of-the-dynamics-nav-development-environment-to-work-with-tls-1-2/

After installing the correct Cumulative Update on your server/clients, you will need to manually edit the “CustomSettings.config” file for the NAV server, usually found here:
https://docs.microsoft.com/en-us/dynamics-nav/configuring-microsoft-dynamics-nav-server

The key that needs to be added the customsettings.config:
<add key=”SecurityProtocol” value=”Tls12″/>

Microsoft Dynamics NAV 2018 and Microsoft Dynamics 365 Business Central:
Is not affected, because they already use the TLS 1.2 protocol as default. Nevertheless, we recommend keeping both solutions updated at all time.