What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Which encryption methods does the PRTG webserver accept?

Votes:

0

I configured my PRTG webserver to use a secure connection. Which encryption methods does the PRTG webserver accept? Which ciphers are supported? Can I connect using RC4?

aes beast certificates des encryption prtg rc4 ssl tls

Created on Nov 18, 2013 9:34:14 AM by Daniel Zobel [Product Manager]

Last change on Nov 18, 2013 9:55:49 AM by Daniel Zobel [Product Manager]



7 Replies

Accepted Answer

Votes:

0

THIS INFORMATION IS OUT OF DATE

For more recent information about PRTG and security, please see the following article:

This article applies to PRTG Network Monitor 13.4.7.3531 or later

PRTG Webserver Secure Connections

PRTG supports SSL-encrypted connections between the webserver and the clients. On the webserver side, you can either use the standard certificate that is shipped with PRTG, or your own certificate.

When the browser connects to the webserver, they negotiate an encryption method. As of PRTG version 13.4.7.3531, the PRTG webserver accepts the following methods:

  • SSLv3 256 bits AES256-SHA
  • SSLv3 128 bits AES128-SHA
  • SSLv3 168 bits DES-CBC3-SHA
  • TLSv1 256 bits AES256-SHA
  • TLSv1 128 bits AES128-SHA
  • TLSv1 168 bits DES-CBC3-SHA


Unsupported Ciphers

As of PRTG version 13.4.7.3531, the PRTG webserver does not accept the following encryption method any more:

  • SSLv3 128 bits RC4-SHA

Please make sure you use the latest browser version on your clients!

Created on Nov 18, 2013 9:44:46 AM by Daniel Zobel [Product Manager]

Last change on Dec 19, 2014 12:13:31 PM by Daniel Zobel [Product Manager]



Votes:

0

It is really good you have ditched RC4. I would also ditch (or disable by default): SSLv3 168 bits DES-CBC3-SHA TLSv1 168 bits DES-CBC3-SHA

DES is well past it's best lifetime, and can be broken in sub-24 hours using common hardware. With a high power group of machines it can almost be broken real-time. You really don't want to be using ciphers that can be broken so quickly.

Created on Mar 16, 2014 7:45:32 PM



Votes:

0

Dear Philip,

with our ciphers we follow the recommendation outlined under https://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/

In the linked Qualys SSL Labs test, a public PRTG installation with trusted certificate gets a "B" rating. We consider support for TLS 1.2 in future PRTG releases.

If needed, we can provide you with an undocumented setting to define the allowed ciphers manually.

Created on Mar 27, 2014 3:30:49 PM by Daniel Zobel [Product Manager]

Last change on Mar 27, 2014 3:32:27 PM by Daniel Zobel [Product Manager]



Votes:

0

Hello,

Is there any way of enabling TLS 1.2 on version 14.3.10.2422+?

Also, can we strip/disable the server signature being reported (noticed on ssllabs.com)

Thanks

Dave

Created on Oct 7, 2014 1:25:51 PM



Votes:

0

TLS 1.2 is currently not supported int Version 14.x.10. As of version 14.3.11.2625/2626 PRTG supports TLS1.2. Forward Secrecy will be supported with the next Release Branch 14.x.12 but I cannot give you an estimate on this. Please bear with us.
Could you please explain what exactly you mean about the signature?

Created on Oct 10, 2014 12:48:21 PM by Torsten Lindner [Paessler Support]

Last change on Oct 16, 2014 11:36:47 AM by Torsten Lindner [Paessler Support]



Votes:

0

Is there any place to disable encryption under server configuration? Any plan to disable DES-CBC3-SHA?

DES-CBC3-SHA should be avoided, based on CVE-2016-218.

Created on Dec 29, 2022 2:37:33 AM



Votes:

0

Hello,

The current version of this information is outdated, you can find the current information here

If you need further customization we have the possibility to define the used SSL ciphers completely manually by editing PRTGs configuration directly.

As this is an advanced procedure with potential for failure we provide this information via our Technical Support, please get in touch via mail at [email protected]

Kind regards,
Johannes Beyerlein, Technical Support Team

Created on Jan 3, 2023 4:48:38 PM by Johannes Beyerlein [Paessler Support]




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.