Security update for Tekla Model Sharing

Tekla Structures
Not version-specific
Tekla Structures

To provide better cyber security for our model sharing users, we are dropping the support for the old security protocols TLS 1.0 and TLS 1.1 in Tekla Model Sharing service on 17 January 2022. After that, Tekla Model Sharing will not work unless your Tekla Structures version and operating system support TLS 1.2.

The Transport Layer Security (TLS) protocol controls and protects the network communication from your local computer to cloud services. TLS 1.2 is considered as the safest protocol currently and recommended by security professionals. 

If you are using a Tekla Structures version older than 2019, you may need to take action to continue using Tekla Model Sharing with your current software version. Also note that Windows 7 users must ensure that their installation of Windows supports TLS 1.2 and that it is enabled. Other users can continue as usual and no actions are needed.

COMPLIANCE - TEKLA STRUCTURES

You have two options to comply with enforced use of TLS 1.2 in older versions:

  • upgrade to compliant Tekla Structures version and/or Service Pack that automatically enforces the use of TLS 1.2
  • run a TLS 1.2 Enabler installer that configures your current Tekla Structures version and Service Pack to comply

The following table shows the Tekla Structures versions which use TLS 1.2 automatically.

Tekla Structures version Compliant versions Actions needed
Tekla Structures 2019 or newer All versions compliant no actions needed
Tekla Structures 2018i Service Pack 4 or newer Install SP4 or newer or use TLS 1.2 Enabler installer
Tekla Structures 2018 Service Pack 6 or newer Install SP6 or newer or use TLS 1.2 Enabler installer
Tekla Structures 2017i Service Pack 8 or newer Install SP8 or newer or use TLS 1.2 Enabler installer
Tekla Structures 2017 Service pack 12 or newer Install SP12 or newer or use TLS 1.2 Enabler installer
Tekla Structures 2016i Not compliant Use TLS 1.2 Enabler installer
Tekla Structures 2016 Not compliant Use TLS 1.2 Enabler installer
Tekla Structures 21.1 Not compliant Use TLS 1.2 Enabler installer
Tekla Structures 21.0 Not compliant Use TLS 1.2 Enabler installer

 

SHOULD I UPGRADE TEKLA STRUCTURES OR RUN THE TLS 1.2 ENABLER INSTALLER?

An upgrade is the recommended option. When you use a version that is on maintenance and the latest Service Pack, you are always secured. 

Also note that Tekla Structures 2017-2020 versions have required a Service Pack update to be done by the end of year 2021 due to improved Trimble Identity as has been communicated since June 2021. If you have already updated your 2017-2020 version as instructed, no actions needed related to this TLS version change.

The TLS 1.2 Enabler installer is a safe option if you are unable to upgrade right now or if you are using an older Tekla Structures version (21.0-2016i). It will not affect production use and only takes 5 minutes to execute.

 
Image
icon_tip.png

You need to run the TLS 1.2 Enabler installer only once on one computer, it will upgrade all Tekla Structures versions it finds. If you want to check that the installation was successful, check that following line is found in the ..\Program Files\Tekla Structures\<version>\nt\bin\TeklaStructures.exe.config  file:

<AppContextSwitchOverrides value="Switch.System.Net.DontEnableSchUseStrongCrypto=false"/>

COMPLIANCE - WINDOWS

Windows 10: Compliant

Windows 7: TLS 1.2 must be enabled. Windows 7 does not support TLS 1.2 by default, so you might need to enable it yourself. Do this only if you are familiar with editing the Windows registry.

1. Make sure that you have the latest Windows update installed.

2. Check for the following registry entry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client (DisabledByDefault=0)

3. If the entry is not found or is different, add or change the entry to match the above.

 

See also

END OF LIFE for older Tekla Structures versions in Tekla Model Sharing

Was this helpful?