Sage 100

We had a meeting with IT department of a customer yesterday. We will be migrating and upgrading an installation of Sage 100 Standard to a virtual server. The division that uses Sage 100 is a smaller division of a large company and they aren't integrated with the larger company financials but IT wants everything on the same box. The question came up regarding the directories of the sage folder using OpenSSL. At first I was puzzled but I believe that this actually refers back to the fact that the Sage CRM element always insists on installing. Can anyone else think of any reason why a peer to peer application like Sage 100 Standard would give a tinker's damn about SSL?

Because the product is Sage 100c also know as Sage 100 Cloud? :) Okay that may not be it but my first guess would be related to Chilkat (paperless office communications) or connected services would care about SSL.

I want to ask about the ""OpenSSL vulverabilities"" that an IT Dept claims to have found in Sage 100 v2016. Nothing fancy on this: they use VI to move Customer sales into Sage for AR management. The IT guys claim that two OpenSSL vulnerabilities are present: CVE-2014-0224 & CVE-2014-3566. Version of SSL used by Sage 100 is 0.9.8k. Thanks @ChrisMengerink for the suggestion. Does anybody else have anything?

@AlnoorCassim ???

Since we're on Standard, then we are talking about mapped drives and UNCs therefore there is no OpenSSL connection nor any SSL supported for that matter at the main application level (there is with Advanced with the App Server but not relevant here). So maybe he is in fact referring to an integrated piece like Paperless emailing where SSL or TLS is checked in Email tab but the most recent version of ChilkatMail (which presumably supports but needs confirmation, the highest level of SSL/TLS) is not installed on v2016. Concern over CRM communication through the ""integration engine"" would make sense too but it doesn't use any SSL as far as I know either. Chuck I think you'll need to drill down more with him.

Thanks, Alnoor. they do not have CRM, so take that off the table. They use Paperless Office for report printing. If they don't use PLO for emailing, is SSL involved? I don't see how it would be... If they use PLO email, is the SSL/TLS version controlled by the ChilkatMail exe? Can we substitute latest and greatest Chilkat for this? Do any of these answers change if we upgrade all this to v2018 Standard?

Jerry if they don't use Paperless emailing, I don't believe SSL could be involved in any other way. Ah except for credit card processing (Paya/SPS, APS, etc), Payroll Tax Calc in 2018 (to the SPA web service) and probably the other connections you see in Library Master / Setup / URL Maintenance. Also, I'm thinking ChilkatMail DLL uses some standard way of specifying SSL/TLS and that is the SMTP Server (e.g. Exchange Server, Google Mail, etc) that listens on a port designated for SSL/TLS. You could also point out to them their current version of Standard doesn't use SSL (obviously) and neither will 2018 Standard and since that concern is arising because Sage 100 is being placed on the same VM as the other division's ERP, it is allayed by simply putting Sage 100 on it's own VM :)

Thanks, Alnoor! This helps a lot.