Go to All Forums

[UPDATED] Terminating support for earlier TLS versions for security reasons

Greetings,

Site24x7 is ending support for earlier Transport Layer Security (TLS) versions 1.0 and 1.1, due to security reasons. 

What is TLS?

TLS is a secure way of client-server data communication. The TLS protocol protects the confidentiality and integrity of the information passed between two systems. Since the earlier versions of TLS - TLS 1.0 and 1.1, pose security issues, we are completely migrating to TLS 1.2

How are you affected?

If your browsers, application programming environments, and Site24x7 agents do not support TLS 1.2, you will face problems with data collection and viewing the same. 

You can safely ignore if your browsers, programming environments, and Site24x7 agents are updated to the latest TLS version (TLS 1.2).

When should you do this?

Kindly ensure that you upgrade your respective agents, programming environments and browsers before  31st July 2018 .

What should you do?

You should update to the latest TLS version and Site24x7 agents that supports TLS 1.2. The following table enlists the corresponding versions that support TLS 1.2

 

Browser versions 

Google Chrome - Version 30 & above
Mozilla Firefox - Version 27 & above
Safari - Version 7 & above
Internet Explorer - Version 11 & above

Check if your browser is compatible with TLS 1.2 

 

Programming Environments
  • Java 6 - Update 111 or later
  • Java 7u25
  • OpenSSL 0.9.8ay
  • .NET 4.5
APM Insight agent versions
On-Premise poller Version 3.1.6 & above
Server Monitoring For the Windows Server Monitoring agent, TLS 1.2 is disabled by default for Windows Server 2008. To enable it, please  apply the hotfix mentioned in this article . To enable TLS 1.2 for Windows Server 2012, 2008 R2, and 7,  apply this hotfix
Real Browser monitoring For web transaction recorders and Site24x7 Desk apps, the latest version compatible with TLS 1.2 is displayed on the login screen - kindly download the same. 
API's To communicate via API's, ensure that your browsers, programming environments, and OS are compatible with TLS 1.2

In case of any questions or concerns, kindly drop a word to support@site24x7.com

Reply 1
Replies (5)

Re: [UPDATED] Terminating support for earlier TLS versions for security reasons

Hello,

You guys should implement your own library instead of depending on the library provided by operating system. We have to discontinue site24x7 since we are using Server 2003 R2 in production. Chrome and Firefox browsers support TLS 1.1 and 1.2 when running on older Windows systems as well. 

 

Reference:

serverfault.com/questions/793280/does-windows-2003-support-tls-1-1-and-1-2/793281

Reply 2

Re: Re: [UPDATED] Terminating support for earlier TLS versions for security reasons

If you run windows 2003 in production you are 15 year outdated with much more security issues than TLS

 

Reply 6

Re: [UPDATED] Terminating support for earlier TLS versions for security reasons

We are still seeing an alert - 

Looks like you are using an older version of TLS in your servers. www.site24x7.com/community/terminating-support-for-earlier-tls-versions-for-security-reasons to upgrade to TLS version 1.2. 

Want to know which servers use the old TLS version? Check now!

"Check now" is not clickable. I had 2 servers with a warning icon indicating there were running an older version of TLS. They have been updated, but the warning message still persists on the Server Monitors page.

I opened a ticket with support, but the response was "if there are no servers with the warning icon, the TLS update can be considered complete".

If that is the case, how do I remove the TLS warning message on the Server Monitor page?


Re: Re: [UPDATED] Terminating support for earlier TLS versions for security reasons

Did you restart the site24X7 service on the affected servers? 

The message remained on my servers until the service was restarted.

Reply 2

Re: Re: Re: [UPDATED] Terminating support for earlier TLS versions for security reasons

I restarted the server, and I restarted the agent. Verified the patch is there. Still getting the error.

Reply 0