Everything breaks when TLS1.0 is disabled

Hello All,

We recently upgraded to Tessitura v14.02 and we are currently going through our PCI certification process.

We have a web server we use for the ticketing website running Server 2012R2, another web server running Server 2012R2 for the API websites, and a Windows 2016 server running SQL 2016 (Impresario DB in 2014 mode). When we modify the Windows registry to disable the TLS 1.0 protocol for both client and server keys, everything stops communicating. Pulling an event detail on the ticketing website causes an exception (SSL/TLS related) and running the Tessitura application produces an error trying to connect to the DB.

Has anyone else experienced similar issues? This makes PCI compliance quite difficult and Vantiv is not liking this fact too much.

Much Thanks!

  • Hi Chris,

    I'm struggling with some TLS issues as well. This is the response from Tessitura HD regarding disabling TLS v1.0. Thought it might help.

    Best, Michael J

    The database must keep TLS 1.0 enabled to communicate to the services properly for Tessitura. You can have TLS 1.2 enabled and transmission will take place on the highest TLS setting available. Vantiv is their payment processor. In 12.5.1 the payment gateway is a Windows service and isn't affected by TLS in the same way an IIS service is affected.

    First, you should make sure that TLS 1.2 is enabled, while keeping 1.0 on so there aren't failures of communication.

    Second, Tessitura communicates with Vantiv, then Vantiv communicates with First Data. You should talk to Vantiv to make sure that Vantiv is ready for First Data to shut off TLS settings. Also ask Vantiv if there is a way to run some tests between Tessitura, Vantiv and First Data with TLS 1.0 shut off at Vantiv to make sure there are no issues. This is a Vantiv Developer blog, but it might help in having a conversation with Vantiv https://developer.vantiv.com/community/point-of-sale/blog/2017/09/07/5-tips-to-help-you-easily-migrate-to-tls-12.

    Remember, in v14.0 since the payment gateway moved to belong in the Tessitura Service (IIS) we made sure to enable communication on TLS 1.2, which was done in Service Pack 2 (14.0.2). In v14.1 the option to shut off TLS 1.0 on the database will become available as well.

  • Hello Michael! Thanks for chiming in on this. I was able to get the same answer from Tessitura as you provided. I also contacted Vantiv and they informed me that TLS 1.0 will be allowed until June 30, 2018 as long as you fill out their mitigation documentation and upload it when you dispute the PCI fail you will get for TLS 1.0 being enabled. We have a waiver until June 30 now.

    Thanks!
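A read-only way to see what the registry changes discussed in this thread left behind on each server, added here as an example (not from the original posts or from Tessitura): it reads the standard SCHANNEL `Protocols` keys for the Client and Server roles and warns on the two states the quoted advice is about. The function name `Get-SchannelProtocolState` and the warning wording are this example's own.

```powershell
# Read-only audit of the SCHANNEL protocol keys; nothing is written to the registry.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {   # hypothetical helper name
    param(
        [string[]]$Protocol = @('TLS 1.0', 'TLS 1.1', 'TLS 1.2'),
        [string[]]$Role     = @('Client', 'Server')
    )
    foreach ($p in $Protocol) {
        foreach ($r in $Role) {
            $key     = Join-Path (Join-Path $base $p) $r
            $enabled = $null
            $dbd     = $null
            if (Test-Path -LiteralPath $key) {
                # A missing value reads back as $null, which means "not configured".
                $props   = Get-ItemProperty -LiteralPath $key
                $enabled = $props.Enabled
                $dbd     = $props.DisabledByDefault
            }
            if ($null -eq $enabled -and $null -eq $dbd) {
                $state = 'OS default (not set)'
            } elseif ($null -ne $enabled -and $enabled -eq 0) {
                $state = 'Disabled'
            } elseif ($dbd -eq 1) {
                $state = 'Disabled by default'   # used only if an application asks for it
            } else {
                $state = 'Enabled'
            }
            [pscustomobject]@{
                Protocol = $p; Role = $r; Enabled = $enabled
                DisabledByDefault = $dbd; State = $state
            }
        }
    }
}

$report = Get-SchannelProtocolState
$report | Format-Table -AutoSize

# Advice quoted in the thread for v14.0.2: enable TLS 1.2 first, keep TLS 1.0 on.
foreach ($row in $report) {
    if ($row.Protocol -eq 'TLS 1.2' -and $row.State -like 'Disabled*') {
        Write-Warning "TLS 1.2 $($row.Role) is disabled; enable it before changing TLS 1.0."
    }
    if ($row.Protocol -eq 'TLS 1.0' -and $row.State -like 'Disabled*') {
        Write-Warning "TLS 1.0 $($row.Role) is disabled; the thread reports DB connections fail in this state."
    }
}
```

Run it on the ticketing web server, the API web server and the SQL server and compare the three tables; SCHANNEL registry changes take effect only after a reboot.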
