Sage posted a document titled TLS 1.2 Compliance Requirement: Timing of Customer Impact in the Sage Partner Hub today.(10/4/23)
The wording is very confusing and exactly what Sage is doing behind-the-scenes is not entirely clear. The ultimate impact appears to be an extension of time through March 1, 2024 for customers who have not yet updated to a TLS 1.2 compatible subscription version of Sage 100.
So far as I'm aware nothing changes other than Sage pushing the date from October to March.
This TLS 1.2 requirement only impacts subscription customers as the perpetual license does not need to be renewed.
In summary:
- No change to the requirement that Sage 100 subscription customers need to be on a TLS 1.2 compliant version or they will eventually have problems renewing their license due to the Sage Licensing Server ( SLS ) being updated to only accept TLS 1.2 connections.
- The deadline was formerly 10/1/2023 for all Sage 100 subscription customers to be on a TLS 1.2 compatible version of Sage 100
- My memory is that Sage stated several times that this "deadline" would only impact a Sage 100 subscription that was renewing
- Monthly renewals ( which is probably who this extended deadline is for ) would check in once a month
- Annual renewals would check in on or about their renewal date
- The latest information from Sage ( see attached PDF ) says that Sage has an ability to "stretch out the deprecation of TLS 1.0/1.1" and the new deadline is March 1, 2024 ( although Sage doesn't come right and call it a new deadline - so if anyone else can decipher this and comes to a different conclusion I'm all ears).
Full text of the October 4, 2023 announcement:
TLS 1.2 compliance requirement:
Timing of customer impact
As has been regularly communicated to partners and customers for over a year, beginning in October 2023, Sage License Servers will no longer accept communication from products using the less secure TLS 1.0 and 1.1 protocol. While most of our Sage 100 and Sage 300 customers are now compliant, we still have a significant number that are at risk of their system going into read-only mode due to the age of their current release.
To ensure that our partners and support team can assist the remaining noncompliant customers with upgrading or implementing a patch once they begin receiving warnings of a pending lack of access, we have developed a means to pace the impact on customers in batches. The timing, size, and allocation of these batches will be defined in coordination with sales leadership in the US and Canada to minimize any business impact, while also accelerating the completion of this critically
important task.
This ability to stretch out the deprecation of TLS 1.0/1.1 should minimize spikes and create a better experience for customers and partners. It will require the continued support of our partners to ensure all impacted customers are upgraded or updated.
The process is beginning now and is expected to be completed on or before March 1, 2024. As a reminder, customers will not suddenly lose access to their Sage 100 or Sage 300 solution. Instead, noncompliant customers will receive a notice that their subscription has expired. They will have 45 days before the product goes into read-only mode.
As a reminder, this is the type of announcement Sage has been sharing for over a year
This is a sample announcement sent to customers earlier this year - June 2023. There's nothing new on this customer facing announcement. It's just the only public announcement by Sage that I could find ( there were other announcements but I think those were all partner facing). Use this as a guide to know what the customers have been told by Sage. I also like to use "Sage has announced" when suggesting to a customer that they upgrade because if Sage deferred the deadline I did not want the customer asking me why they just spent $$ upgrading their Sage, etc.
------------------------------
Wayne Schulz
wayne@s-consult.com
Schulz Consulting
(860) 516-8990
Moodus, CT
------------------------------