Action Required for for RSA MFA Agents for Microsoft Windows  1.1 and 1.2

Document created by RSA Product Team Employee on Nov 20, 2020Last modified by RSA Product Team Employee on Nov 24, 2020
Version 3Show Document
  • View in full screen mode

In the coming months, RSA will improve security by enforcing the use of Transport Layer Security (TLS) 1.2 or greater encryption for all communication from clients (including identity routers, RSA Authentication Manager, agents, and proxies) to the Cloud Authentication Service. This TLS 1.2 enforcement change is scheduled for mid-April 2021. Before TLS 1.2 rolls out, all customers with RSA MFA Agent for Microsoft Windows 1.1 or 1.2 who expect to use emergency offline authentication must update their agents to the latest 1.2.1 or 2.0.x version to support TLS 1.2.

If offline authentication is enabled for your users and you do not upgrade the agents, the downloaded day files will not be updated on each agent and offline authentication will stop working in mid-April 2021. TLS 1.2 does not affect users’ ability to perform online authentication.
If you are using a proxy to proxy traffic from clients to the Cloud Authentication Service, the proxies must support TLS 1.2.

EOPS Policy:RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.