Summary

This is a notice of the upcoming change in Q1 2022 with support of TLS 1.0/1.1 on Informatica Intelligent Cloud Services Secure Agents.

Support for TLS 1.0/1.1 will no longer be enabled by default on Informatica Intelligent Cloud Services Secure Agents (“Secure Agents”) from Q1 2022. Only TLS 1.2 will be enabled by default and customers requiring TLS 1.0/1.1 support will need to manually re-enable the older TLS protocols.

Informatica will continue to support TLS1.0/1.1 by default until that time.

Why are we doing this?

RFC 8996 released in the Spring of 2021 formally announced the deprecation of TLS versions 1.0 and 1.1. See RFC 5246 for details about the improvements of TLS 1.2 vs older versions.

In conjunction with the above deprecation notice, OpenJDK began disabling TLS 1.0 and TLS 1.1 by default in April 2021. Informatica Intelligent Cloud Services will be upgrading the Secure Agent JDK to version 8u302 of OpenJDK during the October 2021 major release.

Informatica will overwrite the default JDK 8u302 setting to continue supporting TLS 1.0 and TLS 1.1 until the first Major release in Q1 2022 to allow customers time to prepare for TLS 1.2 default configuration.

What are the plans and actions you must take going forward?

• If you have previously disabled TLS 1.0/1.1 and standardized TLS 1.2, you must act after the IICS October 2021 major release. You will need to reset the JDK parameter on the secure agent that controls the allowed TLS algorithms. Please follow the KB article for steps.
• If you have not standardized TLS 1.2, we encourage you to do so and begin evaluating the overall readiness and test for TLS 1.2 compatibility prior to the first Major release in Q1 2022.

This will require you to review all the endpoints (databases, applications, mainframes, etc.) for TLS 1.2 support and ensure they are configured to support TLS 1.2. It is advised to deploy a test Secure Agent configured to only support TLS 1.2 as described in KB Article and test their connectivity and IICS workloads.

What connections does this impact?

• The connection from secure agent to IICS is always TLS 1.2. There is no impact on this in Q1 2022.
• All connections from the secure agent to your databases, applications, mainframes, etc. might have an impact in Q1 2022. You need to review all endpoints for TLS 1.2 support and ensure they are configured to support TLS 1.2.

The roadmap information being provided herein is for informational purposes only. The development, release, and timing of any Informatica product or functionality described herein remain at the sole discretion of Informatica and should not be relied upon in making a purchasing decision. Statements made herein are based on information currently available, which is subject to change. Such statements should not be relied upon as a representation, warranty, or commitment to deliver specific products or functionality in the future.

IICS products, which use the secure agent, are currently tested on the operating systems specified in the PAM. To help customers plan for 2021, we are providing guidance on anticipated major updates to the tested operating systems in the PAM during the next 6-9 months:

• Addition of MicrosoftWindows Server 2019 to the PAM by August 2021. Deprecation of Windows Server 2012 R2 in early-2021, with the intent of removing this version from the PAM by October 2021. Per Microsoft’s support lifecycle, Windows Server 2012 R2 is more than 2 years past its Mainstream Support end date.

• Addition of Red Hat Enterprise Linux (RHEL) 8 to the PAM by August 2021. Deprecation of RHEL 6 in early-2021, with the intent of removing this version from the PAM by October 2021. Per Red Hat’s support lifecycle, RHEL 6 completes its Maintenance Support period in November 2020.