Filr Desktop client unable to connect to Filr server when TLSv1.2 ONLY is enabled

  • 7022428
  • 04-Dec-2017
  • 12-Dec-2017

Environment

Micro Focus Filr 3.3
Micro Focus Filr Desktop client (v3.1 or older)

Situation

Starting with Filr 3.3, Filr administrators have the option to disable TLSv1 and TLSv1.1 protocols on the Filr server by enabling the option to 'Enable TLS v1.2 Protocol only' from the Filr appliance configuration console (as described in TID-7022397) . With TLSv1.2 being the only allowed protocol on the Filr server, any client that does not support TLSv1.2 will no longer be able to connect to the Filr server. This includes the Filr Desktop clients and Filr mobile apps that are at version 3.1 or older.

If the user tries to sign-in using the Desktop client, the following error will be displayed in a pop-up:
An unexpected error occurred while attempting to log in. Please contact your system administrator.

The Desktop client's C:\Users\jdoe\AppData\Local\Novell\Filr\filr.log file will have the following exception when this happens:
2017-12-08 12:09:32,259 [ui-1] [INFO] Error: Error([('SSL routines', 'SSL3_READ_BYTES', 'tlsv1 alert protocol version')],) (aca.onprem.auth)

For example, your users may experience this issue in the following scenario:

You are upgrading from Filr 1.x or Filr 2.x to Filr 3.3. After the server upgrade, you re-configure your Filr server and enable the following option (note this option is NOT enabled by default in Filr 3.3): Filr configuration console (9443) > Configuration > Network > Enable TLS v1.2 Protocol ONLY. When the end users using the Filr 1.x or Filr 2.x Desktop clients try to connect to the Filr server, the connection will fail because they are unable to connect using TLSv1.2.

Resolution

One of the following options should help resolve this issue:
  1. Inform users to download the latest Desktop client installer from the Filr web-interface
    Filr web-interface allows users to download the Desktop client installer for their Windows or Mac system. See Downloading and Installing the Filr Desktop application in the Filr documentation.

  2. Disable TLSv1.2 ONLY option until all your users have upgraded to the latest Desktop client
    You can re-enable the TLSv1 and TLSv1.1 protocols in your Filr deployment (temporarily) to allow all your end users to receive the Desktop client update notification to the latest version. Once users have updated the clients to latest version, you can re-enable the TLSv1.2 ONLY option.

Feedback service temporarily unavailable. For content questions or problems, please contact Support.