In October 2023, Sage plans to update their licensing servers and remove less secure TLS 1.0 and 1.1. All Sage 100 users must be on TLS 1.2 or higher, the only version compatible with the licensing servers, or risk having their Sage 100 system go into read-only mode after being unable to communicate with the licensing server.
The chart above shows exactly which versions of Sage 100 and 300 are compatible with the upcoming changes.
According to Sage, license checks occur upon the regular expiration date of your subscription. Monthly subscribers will therefore have licensing checked more frequently, while annual paid subscription is only checked once per year.
Why is TLS 1.2 More Secure than Prior Versions?
TLS 1.2 is more secure than prior TLS versions because it uses more robust encryption algorithms and cipher suites. TLS 1.2 also includes several security enhancements that make it more difficult for attackers to exploit vulnerabilities.
One of the most significant security enhancements in TLS 1.2 is using the Advanced Encryption Standard (AES) cipher suite. AES is a block cipher that uses a 128-bit key, which makes it much more secure than the 64-bit keys used in earlier TLS versions. TLS 1.2 also supports several other cipher suites, including ChaCha20 and Poly1305, which are even more secure than AES.
In addition to using more robust encryption algorithms, TLS 1.2 also includes many other security enhancements. For example, TLS 1.2 uses a more secure method of generating random numbers, which makes it more difficult for attackers to guess the random numbers and launch a man-in-the-middle attack. TLS 1.2 also supports Elliptic Curve Cryptography (ECC), a more efficient and secure alternative to RSA.
As a result of these security enhancements, TLS 1.2 is a significantly more secure protocol than prior TLS versions. Organizations that use TLS 1.2 can be confident that their data is protected from unauthorized access.
Here are some additional details about the security enhancements in TLS 1.2:
- Stronger encryption algorithms: TLS 1.2 uses stronger encryption algorithms than prior TLS versions. This makes it more difficult for attackers to decrypt data that is transmitted over a TLS-protected connection.
- Improved handshake protocol: The handshake protocol is the process that is used to establish a secure connection between two parties. TLS 1.2 includes many improvements to the handshake protocol that make it more secure.
- Support for new cipher suites: TLS 1.2 supports some new ones unavailable in prior TLS versions. These cipher suites offer improved security and performance.
- Enhanced security features: TLS 1.2 includes several enhanced security features that make it more difficult for attackers to exploit vulnerabilities. These features include support for client authentication, server authentication, and message integrity checking.
Is Sage 100 Accessible After a Sage 100 Subscription Expires?
Once a Sage 100 license has expired (including being unable to reach the licensing server), there is a 45-day grace period to renew. After that time, Sage 100 will only have read-only access to data. Customers will still be able to Sage 100, which will display a message that the Sage 100 subscription has expired, and may view existing data, but it will no longer be able to make changes or enter new transactions.
From the Sage update:
As previously communicated, effective October 2023, Sage License Servers will no longer accept communication using the less secure TLS 1.0 and 1.1 protocol. Therefore, Sage 100 and Sage 300 customers must be on a recent version.
Next Steps: Verify Your TLS 1.2 Compatibility
While in Sage 100, go to your Help menu and select About. This will display the current release level. If you are not on 2018 PU10 ( or higher ), 2019 PU4 ( or higher), 2020 PU1 ( or higher ), or 2021+, contact your Sage partner for further consultation about upgrading before the October 2023 deadline.