MyFax® Corporate TLS 1.2 Upgrade
The following FAQs provide everything you need to know to ensure your MyFax Corporate instance supports version 1.2 of the Transport Layer Security (TLS) protocol.
What does this upgrade do?
This upgrade brings the MyFax Corporate service into alignment with Payment Card Industry (PCI-DSS) and Federal recommendations that organizations implement TLS v1.2 for all HTTPS connections. This upgrade is especially beneficial for companies that digitally handle and transport sensitive data such as personally identifiable financial information or patient healthcare records.
There is no feature gain or loss for MyFax Corporate relating to this change. This upgrade is ONLY for TLS v1.2.
- For more information on TLS v1.2, refer to the National Institute of Standards and Technology (NIST) TLS 1.2 Guidelines.
- For more information on the PCI-DSS TLS update requirements, refer to the PCI TLS Resource Guide.
Is this upgrade mandatory?
Yes, the upgrade is mandatory. For security compliance reasons we will no longer support TLS versions 1.0 and 1.1.
Is there a deadline for updating our system?
Yes, the deadline for upgrading your system is May 24, 2018. If you do not perform the recommended upgrades your fax system(s) will suffer outages after this date.
If you have already completed and verified the TLS 1.2 upgrade, please disregard this notice.
What do I need to do to upgrade?
The steps to follow to upgrade to TLS 1.2 depend on whether you are running Java or .NET, and whether you are using the MyFax Corporate Fax Service Router.
For Java Clients:
Java clients who wrote their own client-side process need only upgrade their underlying JRE to Java 8u20+.
For .NET Clients:
.NET clients who wrote their own client-side process should consider upgrading to the latest .NET Framework (v4.6+). This can be obtained from:
https://www.microsoft.com/en-ca/download/details.aspx?id=48130. The latest versions of the .NET framework support TLS v1.2 by default.
If this upgrade is not possible, consider ONE of the following alternatives:
.NET Option One:
Upgrade to .NET Framework v4.5.
TLS v1.2 is supported but NOT by default. You must also add the following line to your code base before attempting a secure connection to the MyFax® endpoint:
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12
.NET Option Two:
For .NET Framework v4.0 users, TLS v1.2 is NOT supported. However, if you have .NET Framework 4.5 installed on your system, you can leverage the 4.5 Framework by adding the following line to your code base before attempting a secure connection to the MyFax® endpoint:
ServicePointManager.SecurityProtocol = (SecurityProtocolType)3072;
.NET Option Three:
For .NET Framework v3.5 users, patch your framework using one of the following Microsoft Windows patches:
- KB3154518 – Reliability Rollup HR-1605 - NDP 2.0 SP2 - Win7 SP1/Win 2008 R2 SP1
- KB3154519 – Reliability Rollup HR-1605 - NDP 2.0 SP2 - Win8 RTM/Win 2012 RTM
- KB3154520 – Reliability Rollup HR-1605 - NDP 2.0 SP2 - Win8.1RTM/Win 2012 R2 RTM
- KB3156421 – 1605 HotFix Rollup through Windows Update for Windows 10
Use the following link to test the TLS capability of your .NET system — before and after your TLS upgrade — to ensure that TLS 1.2 has been enabled.
For Fax Service Router (FSR) Clients:
If you did NOT update to the latest version of the .NET Framework, then make sure you have implemented one of the alternative .NET options above before performing the following steps.
- Backup all of your current Fax Service Router files (default folder
C:\Program Files\Internet Fax\Fax Service Router\) so that the uninstall and re-install doesn’t cause you to lose your existing data.
- Uninstall your current Fax Service Router.
- Install the new Fax Service Router (default install folder for 64bit is
C:\Program Files\FaxServiceRouter\but you can set it to
C:\Program Files\Internet Fax\Fax Service Router\during the install process if you want, since your existing routing tables will still be in
C:\Program Files\Internet Fax\Fax Service Router\RoutingTable\).
- If you did NOT reset your default folder to
C:\Program Files\Internet Fax\Fax Service Router\as stated in Step 4, you should now move your routing table files into the RoutingTable folder (new default is
- Using the new PasswordEncrypter to re-encrypt your password(s) on your routing table(s).
- If you had any custom configurations set in
C:\Program Files\Internet Fax\Fax Service Router \FaxServiceRouter.exe.configyou will need to add them to
C:\Program Files\FaxServiceRouter\ FaxServiceRouter.exe.config.
- If your services require domain level authentication make sure to add that back into the new service.
- Start the service.