New Question
 
 
PRTG Network Monitor

Intuitive to Use.
Easy to manage.

200.000 administrators have chosen PRTG to monitor their network. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free PRTG
Download >>

 

What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general. You are invited to get involved by asking and answering questions!

Learn more

 

Top Tags


View all Tags


Which encryption methods does the PRTG webserver accept?

Votes:

0

Your Vote:

Up

Down

I configured my PRTG webserver to use a secure connection. Which encryption methods does the PRTG webserver accept? Which ciphers are supported? Can I connect using RC4?

aes beast certificates des encryption prtg rc4 ssl tls

Created on Nov 18, 2013 9:34:14 AM by  Daniel Zobel [Paessler Support]

Last change on Nov 18, 2013 9:55:49 AM by  Daniel Zobel [Paessler Support]



5 Replies

Accepted Answer

Votes:

0

Your Vote:

Up

Down


THIS INFORMATION IS OUT OF DATE

For more recent information about PRTG and security, please see the following article:


This article applies to PRTG Network Monitor 13.4.7.3531 or later

PRTG Webserver Secure Connections

PRTG supports SSL-encrypted connections between the webserver and the clients. On the webserver side, you can either use the standard certificate that is shipped with PRTG, or your own certificate.

When the browser connects to the webserver, they negotiate an encryption method. As of PRTG version 13.4.7.3531, the PRTG webserver accepts the following methods:

  • SSLv3 256 bits AES256-SHA
  • SSLv3 128 bits AES128-SHA
  • SSLv3 168 bits DES-CBC3-SHA
  • TLSv1 256 bits AES256-SHA
  • TLSv1 128 bits AES128-SHA
  • TLSv1 168 bits DES-CBC3-SHA


Unsupported Ciphers

As of PRTG version 13.4.7.3531, the PRTG webserver does not accept the following encryption method any more:

  • SSLv3 128 bits RC4-SHA

Please make sure you use the latest browser version on your clients!

Created on Nov 18, 2013 9:44:46 AM by  Daniel Zobel [Paessler Support]

Last change on Dec 19, 2014 12:13:31 PM by  Daniel Zobel [Paessler Support]



Votes:

0

Your Vote:

Up

Down

It is really good you have ditched RC4. I would also ditch (or disable by default): SSLv3 168 bits DES-CBC3-SHA TLSv1 168 bits DES-CBC3-SHA

DES is well past it's best lifetime, and can be broken in sub-24 hours using common hardware. With a high power group of machines it can almost be broken real-time. You really don't want to be using ciphers that can be broken so quickly.

Created on Mar 16, 2014 7:45:32 PM by  Philip D'Ath (0)



Votes:

0

Your Vote:

Up

Down

Dear Philip,

with our ciphers we follow the recommendation outlined under https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/

In the linked Qualys SSL Labs test, a public PRTG installation with trusted certificate gets a "B" rating. We consider support for TLS 1.2 in future PRTG releases.

If needed, we can provide you with an undocumented setting to define the allowed ciphers manually.

Created on Mar 27, 2014 3:30:49 PM by  Daniel Zobel [Paessler Support]

Last change on Mar 27, 2014 3:32:27 PM by  Daniel Zobel [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hello,

Is there any way of enabling TLS 1.2 on version 14.3.10.2422+?

Also, can we strip/disable the server signature being reported (noticed on ssllabs.com)

Thanks

Dave

Created on Oct 7, 2014 1:25:51 PM by  synths (0) 1



Votes:

0

Your Vote:

Up

Down

TLS 1.2 is currently not supported int Version 14.x.10. As of version 14.3.11.2625/2626 PRTG supports TLS1.2. Forward Secrecy will be supported with the next Release Branch 14.x.12 but I cannot give you an estimate on this. Please bear with us.
Could you please explain what exactly you mean about the signature?

Created on Oct 10, 2014 12:48:21 PM by  Torsten Lindner [Paessler Support]

Last change on Oct 16, 2014 11:36:47 AM by  Torsten Lindner [Paessler Support]



Please log in or register to enter your reply.


Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.