We are becoming aware of more 3rd party service providers that are updating their web server TLS 1.2 security to use cipher suites that are not supported by Windows Server 2012 R2.
Geocortex Essentials Manager and the Geocortex Essentials REST endpoint make connections server-side, not client-side via a web browser. This means that if Geocortex Essentials is installed on Windows Server 2012 R2, it cannot connect to any ArcGIS Server or Open Geospatial Consortium (OGC) providers that use TLS 1.2 with cipher suites not supported in Windows Server 2012 R2.
The SSL Labs Analysis tool can be used to generate a report on any provider that is not working in Essentials in order to find the cipher suites being used and compare them against the supported list from Microsoft.
Example:
https://hazards.fema.gov/gis/nfhl/rest/services
Running an SSL Labs analysis on the FEMA web server will output a report that lists the following cipher suites available on this web server, neither of which is listed as supported in Windows 8.1 and Server 2012 R2.
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
SSL Labs Analysis Tool:
https://www.ssllabs.com/ssltest/
Supported Cipher Suites in Windows 8.1 and Server 2012 R2:
https://learn.microsoft.com/en-us/windows/win32/secauthn/tls-cipher-suites-in-windows-8-1
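To check a provider from the machine that actually makes the connection, the following PowerShell probe can be run on the Essentials server. It is an added example, not Geocortex or Microsoft code; Test-Tls12Handshake is a hypothetical helper name, and the host names are taken from this page. It attempts a TLS 1.2 handshake through the operating system's own TLS stack, so a handshake the server cannot complete shows Connected = True with Negotiated = False.

```powershell
# Added example: TLS 1.2 handshake probe, to be run on the Essentials server itself.
# Test-Tls12Handshake is a hypothetical helper name, not part of Geocortex Essentials.
function Test-Tls12Handshake {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [int]$Port = 443,
        [int]$TimeoutMs = 10000
    )
    $result = New-Object PSObject -Property @{
        HostName = $HostName; Connected = $false; Negotiated = $false
        Protocol = $null; Cipher = $null; KeyExchange = $null; Error = $null
    }
    $client = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        # Connect over TCP first so a DNS or firewall problem is not mistaken for a TLS problem.
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) { throw "TCP connect timed out" }
        $client.EndConnect($async)
        $result.Connected = $true

        # Offer TLS 1.2 only. The cipher suites offered are the ones the operating system has enabled.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
        $ssl.AuthenticateAsClient($HostName, $null,
            [System.Security.Authentication.SslProtocols]::Tls12, $false)
        $result.Negotiated  = $true
        $result.Protocol    = $ssl.SslProtocol
        $result.Cipher      = "$($ssl.CipherAlgorithm) $($ssl.CipherStrength)"
        $result.KeyExchange = $ssl.KeyExchangeAlgorithm
    }
    catch {
        # Handshake alerts and certificate validation failures both land here; read the message.
        $result.Error = $_.Exception.GetBaseException().Message
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }
    $result
}

# Host names from this page's example and list of known services.
'hazards.fema.gov', 'carto.nationalmap.gov', 'atlas.npdc.govt.nz' |
    ForEach-Object { Test-Tls12Handshake -HostName $_ } |
    Format-Table HostName, Connected, Negotiated, Protocol, Cipher, KeyExchange, Error -AutoSize
```

A row with Negotiated = False is the cue to run the SSL Labs report for that host and compare its cipher suites against the Microsoft list.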
Recommended Fix:
There is no workaround for this issue inside Essentials while running Server 2012 R2. The only fix is to upgrade Windows Server 2012 R2 to a newer release. We don't have a specific recommendation on which Windows Server version you use, but it is recommended to review Microsoft's support dates for each version.
Known 3rd party services using advanced cipher suites:
FEMA - https://hazards.fema.gov/gis/nfhl/rest/services
Open Street Map - https://*.tile.openstreetmap.org/
NPDC - https://atlas.npdc.govt.nz/server/rest/services
USGS - https://carto.nationalmap.gov/arcgis/rest/services
Geocortex Essentials has not been tested on any Windows Server release using services secured with TLS 1.3.