Dear Customer,
RSA wants you to be aware of an update to the TLS 1.2 Security Initiative by LexisNexis® Risk Solutions, the provider of Knowledge Based Authentication. This LexisNexis® Risk Solutions initiative requires your immediate attention.
LexisNexis® Risk Solutions has informed RSA that all LexisNexis® Risk Solutions customers are required to meet the minimum security protocol of TLS 1.2.
This LexisNexis® Risk Solutions initiative, which began in early 2017, has adjusted its end date to ensure that all customers are prepared. From February 1, 2018, LexisNexis® Risk Solutions will begin to disable TLS 1.0 and 1.1 ciphers and protocols. LexisNexis® Risk Solutions has informed RSA that customers who do not meet TLS 1.2 protocol requirements, will no longer be able to access LexisNexis® Risk Solutions systems.
Note: LexisNexis will disable TLS 1.0 and 1.1 in their staging environment on Tuesday, October 24, 2017 at 10:00pm EST, for customers who utilize the LexisNexis® Risk Solutions InstantID Q&A product to test their TLS 1.2 settings.
The Test URL in Scope is: https://staging.netview.verid.com
Note: RSA’s Adaptive Authentication On-Premise supports TLS 1.2 only from version 7.3 P1 onwards. Customers who use LexisNexis® Risk Solutions with Adaptive Authentication On-Premise, who do not use version 7.3 P1 or later, must upgrade their Adaptive Authentication On-premise system to meet LexisNexis® Risk Solutions requirements. In addition, customers will need to use JAVA 8.
Please work directly with LexisNexis® Risk Solutions on any exception. Without the upgrade (plus JAVA 8) or an exception, API calls to LexisNexis® Risk Solutions will fail after the LexisNexis® Risk Solutions Security Initiative is implemented.
For additional documentation, downloads, and more, visit the RSA Adaptive Authentication page on RSA Link.
EOPS Policy:
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.