Cloud Contact Center Software Five9 TLS Disablement Administrator s Guide April 2018 This document describes the disablement of TLS 1.0 by Five9 and the actions that you must perform to ensure continued service. Five9 and the Five9 logo are registered trademarks of Five9 and its subsidiaries in the United States and other countries. Other marks and brands may be claimed as the property of others. The product plans, specifications, and descriptions herein are provided for information only and subject to change without notice, and are provided without warranty of any kind, express or implied. Copyright 2018 Five9, Inc.
About Five9 Five9 is the leading provider of cloud contact center software, bringing the power of the cloud to thousands of customers and facilitating more than three billion customer interactions annually. Since 2001, Five9 has led the cloud revolution in contact centers, delivering software to help organizations of every size transition from premise-based software to the cloud. With its extensive expertise, technology, and ecosystem of partners, Five9 delivers secure, reliable, scalable cloud contact center software to help businesses create exceptional customer experiences, increase agent productivity and deliver tangible results. For more information visit www.five9.com. Trademarks Five9 Five9 Logo Five9 SoCoCare Five9 Connect ii Five9 TLS 1.0 Disablement Adminstrator s Guide
What s New Chapter 2 This table lists the changes made in the recent releases of this document: Release April 2018 March 2018 January 2018 Changes Updated TLS desupport date. Added these sections: Downloading Call Recordings Using GNU Wget Five9 Statistics Portal Added SSO and SCC to Outbound Computers Accessed from Five9. Updated TLS desupport date. Initial document publication. iii VCC Agent REST API Reference Guide
The audience for this document: Experienced system administrators who are responsible for security software upgrades. Managers who require an overview of the TLS upgrade. TLS is the Transport Layer Security protocol. TLS provides secure data exchange between communicating applications. TLS 1.0 has a vulnerability that might enable attacks and decryption of communications between the client and server. For more information, see Migrating from SSL and Early TLS. You must upgrade your software to support TLS 1.1 or 1.2. After Five9 disables TLS 1.0, if you still have applications that use TLS 1.0 to communicate with Five9, they will fail. Important Five9 will stop supporting TLS 1.0 on June 13, 2018. To prepare, Five9 recommends that you upgrade your software to support TLS 1.0 to 1.1 or 1.2 as soon as possible. To examine the Five9 supported Web browsers, security protocols, ciphers, and how to configure your Web browser to support TLS 1.1 and 1.2, see the Five9 Technical Requirements. Computers Affected by TLS Upgrading Software Downloading Call Recordings Using GNU Wget Five9 Statistics Portal Testing 1 Five9 TLS 1.0 Disablement Administrator s Guide
Computers Affected by TLS Computers Affected by TLS These computers will be affected when Five9 disables TLS 1.0: Your workstations running the Five9 Java and Plus applications, and any custom API or SDK applications that you have developed. Third-party inbound hosts accessing the Five9 data center services to retrieve or update information in VCC. Third-party outbound hosts accessed from the Five9 data center to retrieve or update information in the third-party hosts. The following diagram shows a system overview. These sections describe the computers and software: Workstations Third-Party Computers Workstations Ensure that your workstations comply with the Five9 Technical Requirements. Java Applications Web Applications Other Software Java Applications Workstations running these Java applications are affected by the TLS upgrade: Administrator Supervisor Agent CTI Web Services API 2 Five9 TLS 1.0 Disablement Administrator s Guide
Computers Affected by TLS Adapter for Agent Desktop Toolkit Open CTI Adapter for Salesforce Adapter for Oracle Service Cloud Adapter for Zendesk Adapter for NetSuite Adapter for Velocify Web Applications Workstations running these Web applications are affected by the TLS upgrade: Agent Desktop Plus Plus Adapter for Agent Desktop Toolkit Plus Adapter for Salesforce Plus Adapter for Oracle Service Cloud Plus Adapter for Zendesk Plus Adapter for NetSuite Plus Adapter for Microsoft Dynamics CRM Video Engagement Web Engagement Email, Chat, and Social Dashboards and reporting For single sign-on with the Five9 Plus applications, ensure that your identity provider supports the security protocols and ciphers listed in the Five9 Technical Requirements. Other Software This software is affected by the TLS upgrade: Supervisor App for ipad NICE Wget for downloading call recordings Statistics Portal 3 Five9 TLS 1.0 Disablement Administrator s Guide
Upgrading Software Third-Party Computers Ensure that the third-party computers comply with the Five9 Technical Requirements. A third-party computer runs software that retrieves or updates information in the Five9 data center computers. These sections list the software: Inbound Computers Accessing Five9 Outbound Computers Accessed from Five9 Inbound Computers Accessing Five9 Third-party inbound computers using these Five9 interfaces are affected: VCC Agent REST API Configuration Web Services API Configuration Web Services for.net Statistics Web Services API Web2Campaign Outbound Computers Accessed from Five9 Third-party outbound computers using these Five9 interfaces are affected: IVR Query module Connectors SSO and SCC (Five9 email) Upgrading Software Web Browsers TLS Java REST API, SOAP API, and SDK Client Applications Web Browsers Upgrade and configure your Web browsers to use TLS 1.1 or 1.2. See the Five9 Technical Requirements, which shows the supported browsers and configuration steps. 4 Five9 TLS 1.0 Disablement Administrator s Guide
Upgrading Software TLS Upgrade TLS from 1.0 to 1.1 or 1.2. Java Upgrade Java JRE from any earlier version to 1.8. REST API, SOAP API, and SDK Client Applications The Five9 REST APIs accessed through these addresses are affected by the TLS upgrade: https://app-<active_data_center>.five9.com https://app-<active_data_center>.five9.eu The Five9 SOAP APIs accessed through these addresses are affected by the TLS upgrade: https://api.five9.com https://api.five9.eu These sections are examples for commonly used programming languages: Java.NET Framework Python Ruby Java You must use Java JRE and JDK 1.8..NET Framework You must use the latest.net version. Microsoft.NET Framework version 4.5 or higher is required for TLS 1.1 or 1.2. Microsoft.NET 4.5, 4.5.1, and 4.5.2 do not enable TLS 1.1 or 1.2 by default. You must enable TLS 1.1 or 1.2 using the Microsoft instructions. 5 Five9 TLS 1.0 Disablement Administrator s Guide
Downloading Call Recordings Using GNU Wget Python You must use Python 2.7.9 or higher. This example sets the TLS version to 1.2: import ssl import urllib2 ctx = ssl.sslcontext(ssl.protocol_tlsv1_2) # set other SSLContext options you might need response = urllib2.urlopen(url, context=ctx) Ruby You must use Ruby 2.0.0 or higher. This example sets the TLS version to 1.2: ctx = OpenSSL::SSL::SSLContext.new ctx.ssl_version = :TLSv1_2 Downloading Call Recordings Using GNU Wget If you download call recordings from https://recordings.five9.com using the Wget utility, read this section. Wget is a free software package for retrieving files using HTTP, HTTPS, FTP, and FTPS. You can run Wget from a command line, a script, a cron job, and other methods. For more information about Wget, go to https://www.gnu.org/software/wget. Affected Systems Actions Required Affected Systems After Five9 disables TLS 1.0, Wget versions lower than 1.16.1 will not be able to establish a connection to the Five9 servers and call recording downloads will fail. 6 Five9 TLS 1.0 Disablement Administrator s Guide
Downloading Call Recordings Using GNU Wget Actions Required To avoid interruption of your call recording downloads, update Wget to version 1.16.1 or higher, which supports TLS 1.1 and 1.2. Actions for Windows Actions for Unix Testing Wget Verifying Your Call Recording Downloads Actions for Windows Examining Your Current Wget Version Downloading Wget Upgrading Wget Examining Your Current Wget Version. To examine your current Wget version on Windows: 1 Start a command prompt. 2 Go to the directory where Wget is installed. 3 Run wget--version. 4 Write down the version, for example: GNU Wget 1.11.4. If your Wget version is lower than 1.16.1, update Wget. Otherwise, you can omit the update. 7 Five9 TLS 1.0 Disablement Administrator s Guide
Downloading Call Recordings Using GNU Wget Downloading Wget. Five9 does not distribute Wget. You download Wget from a thirdparty organization, for example: https://eternallybored.org/misc/wget. The current stable release is version 1.19.4. 32-bit package: https://eternallybored.org/misc/wget/releases/wget-1.19.4- win32.zip 64-bit package: https://eternallybored.org/misc/wget/releases/wget-1.19.4- win64.zip Upgrading Wget. To install the latest Wget package on Windows, open the ZIP file you downloaded earlier, extract wget.exe, and replace the existing executable on your computer with the new version. Actions for Unix Examining Your Current Wget Version Downloading Wget Upgrading Wget Examining Your Current Wget Version. To examine your current Wget version on Unix: 1 Start a command prompt or remote SSH session. 2 Go to the directory where Wget is installed. 3 Run wget--version. 4 Write down the version, for example: GNU Wget 1.14. If your Wget version is lower than 1.16.1, update Wget. Otherwise, you can omit the update. Downloading Wget. You download Wget for Unix from https://www.gnu.org/software/wget. 8 Five9 TLS 1.0 Disablement Administrator s Guide
Downloading Call Recordings Using GNU Wget Upgrading Wget. To install the latest Wget package for Unix, run the apt update and apt upgrade commands. Testing Wget To ensure that Wget supports TLS 1.1 and 1.2, run this command: wget -d https://www.five9.com This screenshot shows a successful connection with the message Handshake successful. This screenshot shows an unsuccessful connection with the message SSL handshake failed. 9 Five9 TLS 1.0 Disablement Administrator s Guide
Five9 Statistics Portal Verifying Your Call Recording Downloads After upgrading the Wget utility, download a batch of recordings using your command scripts. Verify that the call recordings are downloaded. Five9 Statistics Portal If you are using Five9 Statistics Portal, read this section. Affected Systems Actions Required Affected Systems After Five9 disables TLS 1.0, Statistics Portal versions below 9.5.0.1 will not be able to establish a connection to the Five9 servers and will fail to retrieve statistics. Actions Required To enable support for TLS 1.1 and 1.2 and avoid service interruption, you must update Statistics Portal to version 9.5.0.1 or higher. Examining Your Current Statistics Portal Version Upgrading Statistics Portal Verifying Statistics Portal Installation Examining Your Current Statistics Portal Version To examine your current Statistics Portal version, use the Statistics Portal server application (Five9 Cloud Bridge) or the Statistics Portal Web client application as described in the following sections. Statistics Portal Server Application Statistics Portal Web Client Application Statistics Portal Version Statistics Portal Server Application. To examine your current Statistics Portal version, right-click the Five9 icon in the Windows Taskbar Notification Area (also known as the system tray) and click About. 10 Five9 TLS 1.0 Disablement Administrator s Guide
Five9 Statistics Portal Write down the version number shown in the dialog. For example, this screenshot shows version 9.5.0.1. Statistics Portal Web Client Application. To examine your version of the Statistics Portal Web client, go to this URL: http://localhost:8081/sportal/index.html If necessary, substitute localhost in the previous URL with the server or workstation network hostname where the Statistics Portal server is running, for example: http://statsportal:8081/sportal/index.html 11 Five9 TLS 1.0 Disablement Administrator s Guide
Five9 Statistics Portal Write down the version number to the right of the Five9 Statistics Portal. For example, the following screenshot shows version 9.5.1. Statistics Portal Version. If your current Statistics Portal version is less than 9.5.0.1 (or 9.5.1 for the browser client), follow the steps in the next section. Otherwise, no action is required. Upgrading Statistics Portal To upgrade Statistics Portal, you require these permissions: Administrative access to the Windows server or workstation where the Five9 Statistics Portal application is installed. Internet access to download the upgrade installation ZIP file. The existing configuration, user settings, and template files are preserved during the upgrade. To upgrade Statistics Portal, perform these steps: 1 Obtain the password for the Five9 Dropbox from your Five9 representative. 2 Download the ZIP file from the Five9 Dropbox at Five9StatisticsPortalInstaller_ v9.5.0.1.zip. 3 Log in to the server or workstation where Statistics Portal is installed. 4 Copy the ZIP file to the server or workstation where Statistics Portal is installed. 12 Five9 TLS 1.0 Disablement Administrator s Guide
Testing 5 To unzip the file, right-click the ZIP file and select Extract All 6 To uninstall the existing Statistics Portal application, perform these steps: a Right-click the Five9 icon in the Windows Taskbar Notification Area (system tray) and select Exit. b Open the Services control panel or run Services.msc. c Select Five9 Cloud Bridge and select Stop. d From the Control Panel, open Programs and Features or Add / Remove Programs. e Locate Five9 Statistics Portal and select Uninstall. f Follow the prompts. 7 To install the Statistics Portal upgrade package, perform these steps: a Locate setup.exe in the folder where you extracted the ZIP file. b Right-click setup.exe and select Run As Administrator c Follow the prompts. 8 Reboot the server or workstation. Verifying Statistics Portal Installation To verify the Statistics Portal service is running, go to http://localhost:8081/sportal/index.html in a Web browser on the server or workstation and ensure that the version is 9.5.1. Testing After you have upgraded your computers and software, perform these steps: Ensure that the Five9 applications and interfaces used by your organization are working. Check that your network connections to Five9 are performing at their typical speeds and there are no communication failures. 13 Five9 TLS 1.0 Disablement Administrator s Guide