Before you upgrade
Before you upgrade, you must consider the possible impact of certain security enhancements on your environment:
Understand the impact of TLS protocol changes
For heightened security, when you upgrade to MobileIron Core 10.3.0.0, MobileIron Core's configurations for incoming and outgoing SSL connections are automatically updated to use only protocol TLSv1.2. TLSv1.2 cannot be disabled.
This change occurs regardless of the protocol settings before the upgrade.
This change means that MobileIron Core now uses only TLSv1.2 for incoming and outgoing connections with all external servers. Examples of external servers to which Core makes outgoing connections are:
|
•
|
Apple Push Notification Service (APNS) |
|
•
|
Content Delivery Network servers |
|
•
|
MobileIron support server (support.mobileiron.com) |
|
•
|
Outbound proxy for Gateway transactions and system updates |
|
•
|
Public app stores (Apple, Google, Windows) |
|
•
|
Apple Volume Purchase Program (VPP) servers |
|
•
|
Apple Device Enrollment Program (DEP) servers |
|
•
|
Android for Work servers |
Therefore, if an external server is not configured to use TLSv1.2, change the external server to use TLSv1.2.
|
NOTE:
|
Upgrade to Integrated Sentry 6.4 before upgrading to Core 10.3.0.0. Integrated Sentry 6.4 supports TLSv1.2. |
To determine TLS protocol usage with external servers:
- For outgoing connections from Core to external servers, use the MobileIron utility explained in the following article to determine the TLS protocol usage with those servers:
https://community.mobileiron.com/docs/DOC-9256
- For incoming connections to Core from external servers, determine each server's TLS protocol usage (no MobileIron utility is available)
For more information:
|
•
|
"Advanced: Incoming SSL Configuration" and "Advanced: Outgoing SSL Configuration" in the MobileIron Core System Manager Guide. |