ANNOUNCEMENT #1016 - 001
Required Update to LoanQuest Transport Components
(9/13/2016 - amended 9/28, 10/12, 10/14)
Computer systems utilize standard security protocols to secure and protect data in transit between systems. The security protocols often referred to as SSL (Secure Sockets Layer) have been upgraded in recent years. The upgraded security protocol is now referred to TLS (Transport Layer Security). Like all software, these security protocols are subject to periodic changes and upgrades. MortgageFlex products currently utilize the TLS 1.0 security protocol when communicating with third party service providers.
What is the issue?
Several vendor partners are discontinuing support of the TLS 1.0 security protocol and will limit their support to TLS 1.1 or 1.2. Complicating this issue is that LoanQuest and the Transport components provided by MortgageFlex are compiled to run on the .NET 3.5 framework. The TLS 1.1/1.2 security protocols only run under the .NET 4.5+ framework.
Who is affected?
Any customer who currently utilizes the following vendors/partners:
- Equifax - 2017
- MortgageBot - Early December 2016
- PredProtect - EOY
- FraudGuard - EOY
- First American - EOY
- MortgageCoach - August, 2016
What does this mean to you?
The above vendors communicated the security change to only support TLS 1.1, 1.2 or higher encryption methods to initiate secure transactions with their systems. The current LoanQuest Transport Server uses Microsoft .NET 3.5 Framework infrastructure components that only support TLS 1.0 encryption. After the vendor’s cutoff date, calls to their services that stopped supporting TLS 1.0 will fail with SSL handshake exceptions.
To ensure data security and integrity and prevent any disruption with these vendors, LoanQuest Transport Server will be compiled with Microsoft .NET 4.6.2 Framework to support the more secure TLS 1.1 and higher protocols.
Customers must perform the following steps to address this change (hosted customers need to coordinate this with MortgageFlex IT support):1. Request a LoanQuest Transport Server patch compiled in Microsoft .NET 4.6.2 Framework.
2. Provide the transport configuration files.
PREMISES Customers: (You manage and maintain your application database onsite)
For the LoanQuest Transport Components update, we require the following transport configuration files from all applicable environments (QA, TEST, PROD). The files should be packaged in a folder labeled with the environment name so programming know which environment they are from.
File Folder Path: Program Files\MortgageFlex Systems\Mortgageflex Transport Service\Bin
HOSTED Customers: We will manage this for you.
NOTE: Do NOT uninstall the Microsoft .NET 3.5 Framework if you are running the other services (Application, Printing, Pricing tiers) in the same server as your Transport Server.3. Install the Microsoft .NET 4.6.2 Framework in the server where you are currently running (or plan to run) the LoanQuest Transport Server. The framework can be installed alongside your existing Microsoft .NET 3.5 Framework.
4. Contact your third-party vendor to ensure your test and/or production URLs are still valid.
NOTE: Other LoanQuest applications are still using the Microsoft .NET 3.5 Framework including the Print Service which is called by the Transport Server. With the MortgageFlex 16.3 Build, all MortgageFlex software components will be updated to execute on the Microsoft .Net 4.6.2 Framework.