Go to All Forums

[LAST DATE: 30-09-2018] Terminating support for earlier TLS versions for security reasons

UPDATE: The last date for upgrading your browsers, application programming environments, and Site24x7 agents in accordance with the latest TLS versions has been extended till 30th September 2018.

 

Greetings,

Site24x7 is ending support for earlier Transport Layer Security (TLS) versions 1.0 and 1.1, due to security reasons. 

What is TLS?

TLS is a secure way of client-server data communication. The TLS protocol protects the confidentiality and integrity of the information passed between two systems. Since the earlier versions of TLS - TLS 1.0 and 1.1, pose security issues, we are completely migrating to TLS 1.2

How are you affected?

If your browsers, application programming environments, and Site24x7 agents do not support TLS 1.2, you will face problems with data collection and viewing the same. 

You can safely ignore if your browsers, programming environments, and Site24x7 agents are updated to the latest TLS version (TLS 1.2).

When should you do this?

Kindly ensure that you upgrade your respective agents, programming environments and browsers before  30th September 2018 .

What should you do?

You should update to the latest TLS version and Site24x7 agents that supports TLS 1.2. The following table enlists the corresponding versions that support TLS 1.2

 

Browser versions 

Google Chrome - Version 30 & above
Mozilla Firefox - Version 27 & above
Safari - Version 7 & above
Internet Explorer - Version 11 & above

Check if your browser is compatible with TLS 1.2 

 

Programming Environments
  • Java 6 - Update 111 or later
  • Java 7u25
  • OpenSSL 0.9.8ay
  • .NET 4.5
APM Insight agent versions
On-Premise poller Version 3.1.6 & above
Server Monitoring For the Windows Server Monitoring agent, TLS 1.2 is disabled by default for Windows Server 2008. To enable it, please  apply the hotfix mentioned in this article . To enable TLS 1.2 for Windows Server 2012, 2008 R2, and 7,  apply this hotfix
Real Browser monitoring For web transaction recorders and Site24x7 Desk apps, the latest version compatible with TLS 1.2 is displayed on the login screen - kindly download the same. 
API's To communicate via API's, ensure that your browsers, programming environments, and OS are compatible with TLS 1.2

In case of any questions or concerns, kindly drop a word to support@site24x7.com

Reply 1
Replies (9)

Re: [UPDATED] Terminating support for earlier TLS versions for security reasons

Hello,

You guys should implement your own library instead of depending on the library provided by operating system. We have to discontinue site24x7 since we are using Server 2003 R2 in production. Chrome and Firefox browsers support TLS 1.1 and 1.2 when running on older Windows systems as well. 

 

Reference:

serverfault.com/questions/793280/does-windows-2003-support-tls-1-1-and-1-2/793281

Reply 3

Re: Re: [UPDATED] Terminating support for earlier TLS versions for security reasons

If you run windows 2003 in production you are 15 year outdated with much more security issues than TLS

 

Reply 7

Re: Re: [UPDATED] Terminating support for earlier TLS versions for security reasons

Can still ping them from a remote poller - or maybe install the SNMP service and monitor them that way


Re: [UPDATED] Terminating support for earlier TLS versions for security reasons

We are still seeing an alert - 

Looks like you are using an older version of TLS in your servers. www.site24x7.com/community/terminating-support-for-earlier-tls-versions-for-security-reasons to upgrade to TLS version 1.2. 

Want to know which servers use the old TLS version? Check now!

"Check now" is not clickable. I had 2 servers with a warning icon indicating there were running an older version of TLS. They have been updated, but the warning message still persists on the Server Monitors page.

I opened a ticket with support, but the response was "if there are no servers with the warning icon, the TLS update can be considered complete".

If that is the case, how do I remove the TLS warning message on the Server Monitor page?


Re: Re: [UPDATED] Terminating support for earlier TLS versions for security reasons

Did you restart the site24X7 service on the affected servers? 

The message remained on my servers until the service was restarted.

Reply 2

Re: Re: Re: [UPDATED] Terminating support for earlier TLS versions for security reasons

I restarted the server, and I restarted the agent. Verified the patch is there. Still getting the error.

Reply 0

Re: Re: Re: Re: [UPDATED] Terminating support for earlier TLS versions for security reasons

Have you set the required keys in the registry after the patch is installed?

Reply 0


Re: Re: [UPDATED] Terminating support for earlier TLS versions for security reasons

I think that requiring people to do this is ridiculous.  If its going to be a requirement then you are going to have to give more time for this.  Do you know how many companies out there have hundreds of windows boxes and will not have time to get this done?  I am lucky and only have a few.  But it is still a pain to have to do this patch.  And what affect will it have on my apps that run on these servers?  

That said I did find the requirement descriptions for creating this registry key:

support.microsoft.com/en-us/help/4019276/update-to-add-support-for-tls-1-1-and-tls-1-2-in-windows.

Again I find it quite ridiculous that this is something we have to do, and not provide some kind of script to do it.

 

Reply 1