We keep failing PCI DSS external network scans because they detect that SSLv3 and TLSv1.0 are supported by the PRTG Web server, as well as the PRTG Demo Certificate still using the SHA-1 signature algorithm. Is it possible to disable support for these protocols/algorithm?
Is there a way to disable SSLv3 and TLSv1.0 support for the PRTG Web server? And can I disable the S
Best Answer
Accepted Answer
Option for disabling TLS1.0 is now available starting with version 18.3.44.2054.
Created on Sep 12, 2018 8:43:01 AM by
Last change on Sep 24, 2018 2:13:01 PM by
197 Replies
Hi Matt,
PRTG supports SSL connections via TLS 1.2 since version 14.x.12 or later. If you are using an older version, update to the latest release to enable the new security features.
For more detailed information, please have a look at the PRTG Network Monitor Security Features
Best regards, Felix
Created on Aug 31, 2015 8:00:34 AM by
Felix,
I'm on the current version (15.3.18.3616). I know it supports the newer versions, my problem is that it also still supports the old versions. I need PRTG to not support the old versions.
In searching for an answer, I found a webpage that listed a fix from you that I couldn't find in the Paessler KB. It references "OverrideSSLVersion" and "OverrideSSLCipher" registry entries. Would these be a possible solution for removing SSLv3 and TLSv1.0 support from my PRTG installation?
Hi,
This won't be necessary as the webserver rejects SSLv3 connections. Please check the Setup > System Administration > User Interface > Web Server > SSL Security" setting. This needs to be set as "High Security" in order to only accept TLS 1.2 encryption.
Best regards
Created on Sep 1, 2015 4:10:57 AM by
I made the suggested setting change and it would appear that TLS1.0 is still supported. Running a scan on https://www.ssllabs.com/ssltest, as well as the scan run by our payment processor both show that TLS 1.2, 1.1, and 1.0 are all supported. However, SSL 2 and 3 have been successfully disabled.
Hi Matt,
I just discussed this case with our development and you are correct, TLS 1.0 and TLS 1.1 connections are accepted by the PRTG webserver within the current version of PRTG.
Best regards, Felix
Created on Sep 15, 2015 6:44:00 AM by
So is there a way I can disable TLS 1.0?
We are currently working on a solution to block TLS 1.0. Meanwhile, this needs to either be configured on a firewall or the client machines. You might want to follow This Article to disable TLS 1.0 in the web browser. Please bear with us.
Best regards, Felix
Created on Sep 16, 2015 9:40:23 AM by
Has there been any update to this issue? We are running into the same issue, preventing us from passing our PCI-DSS Penetration Test?
Created on Dec 23, 2015 10:09:39 PM by
Hi,
TLS 1.0 connections still need to be disabled on the client machine or within a firewall inbetween, sorry.
Best regards,
Created on Dec 28, 2015 6:17:42 AM by
any update on this?
Dear Kube,
I'm afraid that we don't have an update yet.
Best regards, Felix
Created on May 27, 2016 5:22:20 AM by
Hi team. Has there been any movement on this? This issue is now nearly 1 year old and failing PCI scans is becoming harder to justify for such a simple issue.
Created on Aug 19, 2016 5:50:11 AM by
Hi Andre,
It's currently being worked on to be released later this year in case all goes well.
Kind regards.
Created on Aug 22, 2016 11:14:42 AM by
Hi, do you have any updated ETA on this? Since the SSL Security Check sensor in PRTG itself now is flagging TLSv1 as Weak, I have no way of correcting this warning without removing the remote monitoring of our PRTG installation.
Hi runnane,
Yes, we just released 16.4.27.6720 where you can change how the sensor rates TLS 1.0.
Do an update check in PRTG and install the new version, then you can apply the new settings.
Kind regards,
Erhard
Created on Oct 11, 2016 10:10:33 AM by
Dear PRTG,
Are you serious? You determine TLS 1.0 as weak but don't support deactivating it in your own software??? And your solution is to manipulate the rating?
Wow...
Created on Oct 12, 2016 6:45:33 AM by
Dear Dennis,
Of course we are aware of the irony. Just to be clear: This workaround has not been implemented due to the circumstance that PRTG does not support deactivating TLS 1.0 for its own webserver at the moment.
The thing is, there are many users out there and while some need the sensor to sound the alarm when TLS1.0 is supported, others do not want this or at least not for every device for several reasons. Now instead of instructing how to tinker manually with the used lookups in the sensor, we decided to provide alternate lookups ourselves to switch the behavior. Otherwise -once you use selfmade lookups- future changes to the sensor may not work because of the custom lookups.
As for "our homework" regarding TLS1.0: We are working on deactivating TLS 1.0 for PRTG, but it's a little more complicated than just flicking a switch since there are several dependencies around that which have further implications that might even break certain sensors if we would just shut off TLS1.0.
Kind regards,
Erhard
Created on Oct 13, 2016 3:31:32 PM by
Last change on Oct 13, 2016 3:35:57 PM by
Hi,
Is there an update to this? Or a time-frame at the least? We also require this.
Created on Jan 31, 2017 11:44:48 PM by
Hi Matt,
You're got mail.
Kind regards,
Erhard
Created on Feb 1, 2017 1:40:09 PM by
Last change on Feb 1, 2017 1:40:22 PM by
Hi Erhard,
we are also interested for a update or a solution.
Thank You.
Best regards, Sebastian
Created on Feb 3, 2017 3:58:24 PM by
@Sebastian: You've got mail.
Kind regards,
Erhard
Created on Feb 6, 2017 8:59:28 AM by
Hi guys. Any update on this? PRTG is causing my PCI scan to fail and I really need to disable TLS1.0 and SSL3.
Created on Feb 7, 2017 12:35:42 AM by
Hi Andre,
You too have got mail.
Kind regards,
Erhard
Created on Feb 7, 2017 12:16:36 PM by
Could i get mail as well regarding this issue? Thanks
Hi Matt,
Sure, you've got mail.
Kind regards,
Erhard
Created on Feb 8, 2017 7:30:58 AM by
Hi Erhard,
I'm also interested in a solution to disable TLS 1.0
Regards.
Hi Bruno,
Sure, you've got mail.
Kind regards,
Erhard
Created on Feb 17, 2017 2:00:35 PM by
Hi Erhard, I also need a solution to disable TLS 1.0. Best,
Created on Feb 18, 2017 9:18:51 AM by
Hi Erhards. May I also get a solution to disable TLS1.0 on my system? Thank you, best regards.
Created on Feb 22, 2017 7:14:27 AM by
Hi jvazac,
Sure, you've got mail.
Kind regards,
Erhard
Created on Feb 22, 2017 8:16:54 AM by
Hi Erhard, I would also like this solution. Thanks.
Created on Feb 22, 2017 4:14:39 PM by
Hi ebeville,
Sure, you've got mail.
Kind regards,
Erhard
Created on Feb 23, 2017 11:49:19 AM by
Hi,
Would it be possible to receive the solution as well please?
Many Thanks,
Aston
Created on Mar 1, 2017 4:04:03 PM by
Please keep working on a solution. Cert scans are failing on PRTG. I can't pass PCI DSS this year if I also run PRTG. Also put me on the mailing list. Thanks
Created on Mar 1, 2017 7:16:52 PM by
Hello Aston, hello lwdbos,
Both of you got mail to your email addresses used for registering in our knowledgebase.
Kind regards,
Erhard
Created on Mar 2, 2017 12:09:42 PM by
We also need to disable TLS1 and 1.1 as we are being dinged on 3rd party security scans required for our audit.
Created on Mar 6, 2017 8:45:14 PM by
Hello Cory,
You've got mail.
Kind regards,
Erhard
Created on Mar 8, 2017 9:29:25 AM by
Can I please have the solution to this as also failing PCI
Created on Mar 8, 2017 12:04:55 PM by
Hello Dan,
And you too have got mail.
Kind regards,
Erhard
Created on Mar 8, 2017 2:16:27 PM by
I need to remove TLS 1.0 as well. Would you please email me the information ? Thanks
Can i get this as well. thanks
@wdkunkin & kube1984: You've got mail.
Kind regards,
Erhard
Created on Mar 14, 2017 10:01:24 AM by
Hi, can you please help me as well?? I need to pass our audit!
Created on Mar 16, 2017 2:37:32 PM by
Dear Tan, because we are already in email contact with you, I suggest to keep on that communication source.
Best,
Sebastian
Created on Mar 17, 2017 6:37:36 AM by
Hi. I'd be interested in how we can disable TLS 1.0.
Created on Mar 28, 2017 12:18:10 PM by
Hi mchapman,
You've got mail.
Kind regards,
Erhard
Created on Mar 28, 2017 2:54:06 PM by
We are also facing PCI DSS and need to disable. Can I please get the e-mail? /Andreas
Created on Mar 29, 2017 2:32:29 PM by
Hello Andreas,
Sure, mail just went out.
Kind regards,
Erhard
Created on Mar 29, 2017 2:45:41 PM by
Hi, Please also send me the email.
Created on Apr 5, 2017 10:54:42 AM by
My InfoSec team just said this server is causing us to fail our PCI external scans. Any update on this capability being built in yet or can I get the email that seems to have a solution?
Created on Apr 17, 2017 2:20:32 PM by
Check your mailbox TCS-Obrien, you got mail.
Created on Apr 17, 2017 4:40:03 PM by
So, why don't we just post the solution instead of sending individual emails? I'm failing security scans too since I can't disable TLS 1.0 on PRTG.
Created on Apr 18, 2017 11:15:47 PM by
Please can you also send the solution to disable TL1.0
thanks
Created on Apr 20, 2017 2:40:46 PM by
We would also like the solution. Could you please email it to me as well? Thank you.
Created on Apr 20, 2017 9:13:18 PM by
Can I also receive this email...
Created on Apr 21, 2017 4:07:50 PM by
Another request for the secret email, please!
Everybody should have received the instructions, otherwise please let us know in case we overlooked someone.
Kind regards,
Erhard
Created on Apr 25, 2017 8:11:37 AM by
Hello Erhard,
Could I have this mystery email also? :-)
Thanks in advance!
Regards Mikkel
Created on May 4, 2017 7:18:31 PM by
Hi Mikkel,
Erhard is not here today, but I just sent the information. :)
Best regards, Felix
Created on May 5, 2017 8:34:45 AM by
Can I also be sent the fix? Thanks
Created on May 9, 2017 4:08:20 PM by
Hi mspitz,
You've got mail.
Kind regards,
Erhard
Created on May 9, 2017 7:14:22 PM by
Please, forward the email to me also.
Thanks,
Hans
Created on May 26, 2017 4:10:18 PM by
Can I have the fix too please.
Created on May 28, 2017 9:16:25 PM by
Craig & Hans, you've got mail.
Kind regards,
Erhard
Created on May 29, 2017 11:23:52 AM by
Hi Erhard,
I need your email also ;-)
Thanks, Rainer
Created on May 30, 2017 1:08:39 PM by
Can I have the fix too please.
Created on May 30, 2017 1:41:08 PM by
Please can you send me the fix - I need TLS1.0 to be gone from my systems.
thanks.
Created on Jun 1, 2017 10:50:01 AM by
Hello Phil,
You've got mail.
Kind regards,
Erhard
Created on Jun 1, 2017 12:50:06 PM by
I would also like the fix.
Thank you.
Created on Jun 5, 2017 3:58:02 PM by
Hello Brian,
You've got mail.
Kind regards,
Erhard
Created on Jun 5, 2017 4:09:15 PM by
Could you send me the fix to?
Kind regards, Jeroen
Created on Jun 6, 2017 8:32:00 AM by
Hello Jeroen,
You've got mail.
Kind regards,
Erhard
Created on Jun 6, 2017 8:43:03 AM by
Hi Erhard, I need your email also to disable TLS 1.0 ;-) Thanks, Nathan
Created on Jun 8, 2017 2:25:22 AM by
Hi Nathan,
Sure, you've got mail.
Kind regards,
Erhard
Created on Jun 8, 2017 9:27:48 AM by
Hi Erhard, I'd like this too.
thanks, Bruce.
Created on Jun 8, 2017 11:10:29 AM by
Hi Bruce,
Mail's out.
Kind regards,
Erhard
Created on Jun 8, 2017 3:00:15 PM by
We need to solution to disable TLS 1.0 on PRTG. Thanks
Created on Jun 10, 2017 1:55:06 AM by
Hello cheejack_ng,
You've got mail.
Kind regards,
Erhard
Created on Jun 12, 2017 6:37:49 AM by
Hi Erhard,
can you share that with me as well?
Created on Jun 15, 2017 3:43:31 AM by
Hi unraveller,
Yes, I can and I just did (mail's out) :)
Kind regards,
Erhard
Created on Jun 16, 2017 8:08:13 AM by
I would like instructions on how to disable tls 1.0.
Created on Jun 19, 2017 4:01:28 PM by
Hello dquick,
You've got mail.
Kind regards,
Erhard
Created on Jun 20, 2017 6:27:51 AM by
Hi, Please could you send the instruction to myself as well?
Thanks Mark
Created on Jun 21, 2017 4:31:09 PM by
Can I also get the instructions how to disable TLS 1.0 please? many thanks
Created on Jun 22, 2017 8:32:56 AM by
One more for these secret cannot be posted instructions.
Created on Jun 26, 2017 5:09:33 PM by
Hi Erhard, Could you pass details on for this to me? need to pass our audit.
Created on Jul 2, 2017 9:32:50 PM by
You'd save yourselves a bit of work, and customers a bit of time having to register for a forum account, if you'd simply release a knowledgebase article. In the meantime, can you email me the instructions, please?
I sent the instructions to both of you.
Best regards, Felix
Created on Jul 4, 2017 11:53:39 AM by
Can I have the secret magic email too please.
Created on Jul 4, 2017 3:29:34 PM by
Can I have the fix too please.
Created on Jul 4, 2017 3:34:21 PM by
The "Magic Mail" got sent. :)
Created on Jul 5, 2017 11:31:27 AM by
May I too have this magic to disable TLS 1.0? :)
Can I have the fix too please.
Created on Jul 7, 2017 12:52:36 PM by
Hello Martin,
You've got mail.
Kind regards,
Erhard
Created on Jul 11, 2017 8:56:57 AM by
Can some one send me the steps to disabling TLS 1.0
Hello Ernesto,
You've got mail.
Kind regards,
Erhard
Created on Jul 13, 2017 7:59:06 PM by
Can I please also get this magic email to disable TLS 1.0?
Thanks!
Created on Jul 14, 2017 7:51:12 PM by
Hello radumelnic,
Please check your emails.
Best,
Sebastian
Created on Jul 17, 2017 5:34:57 AM by
please send me the fix, also failing PCI scans as need to disable
•The following SSL/TLS cipher suites use Diffie-Hellman a prime modulus smaller than 2048 bits: •TLS 1.0 ciphers: •TLS_DHE_RSA_WITH_AES_256_CBC_SHA with a Diffie-Hellman prime modulus of 1024 bits
•TLS 1.1 ciphers: •TLS_DHE_RSA_WITH_AES_256_CBC_SHA with a Diffie-Hellman prime modulus of 1024 bits
Created on Jul 20, 2017 1:57:44 PM by
We also need to disable tls 1.1 for PCI scanning
Created on Jul 20, 2017 2:57:47 PM by
Hi Mike,
You've got mail.
Kind regards,
Erhard
Created on Jul 21, 2017 8:49:28 AM by
Why hasn't the solution to disable TLS 1.0 not been posted publicly? It seems a little ridiculous that your emailing each individual customer with the solution. Can I please get this secret information update sent to me?
Can I get the email too?
Created on Jul 27, 2017 9:24:31 PM by
@rcary: You've got mail.
@unluck: Point taken. Since the workaround has a few culprits like Enterprise Console not working anymore, we decided to not publish it and only give it out to people explicitly asking for it, you could have also sent us an email about it.
Thing is, depending on how it will be finally implemented later in PRTG, we might need to contact the users who have applied the "reghack" to adjust something (if necessary, you never know....).
By handling it like this, we can at least keep track of the people who were handed out the details so far.
Kind regards,
Erhard
Created on Jul 28, 2017 10:58:12 AM by
We also need to disable TLSv1.0 - can I get the Mail? Steffen
Hi Steffen,
You've got mail.
Kind regards,
Erhard
Created on Aug 10, 2017 7:31:36 AM by
Hi,
Please can you send me the relevant info too?
Thanks,
Nik
Created on Aug 11, 2017 11:03:05 AM by
Hi Nik,
Sure, mail's out.
Kind regards,
Erhard
Created on Aug 11, 2017 11:35:28 AM by
I would like this super secret email please.
Created on Aug 12, 2017 3:07:31 AM by
Hello pjs5406,
You've got mail.
Kind regards,
Erhard
Created on Aug 14, 2017 12:07:23 PM by
Please send us these instructions.
Created on Aug 15, 2017 8:41:51 PM by
Hello Kenneth,
You've got mail.
Kind regards,
Erhard
Created on Aug 16, 2017 7:09:01 AM by
can i have the instructions please
Created on Sep 2, 2017 3:16:43 PM by
Please also send the instructions to me.
Kind Regards, Thomas.
Hi Thomas,
You've got mail.
Kind regards,
Erhard
Created on Sep 5, 2017 9:18:05 AM by
Can you send me this email?
Best regards, Ernest
Created on Sep 7, 2017 2:26:37 AM by
Hi Ernest,
Sure, you've got mail.
Kind regards,
Erhard
Created on Sep 7, 2017 7:32:46 AM by
Could I also have the secret squirrel email please... :)
Created on Sep 11, 2017 10:41:08 AM by
Hi Michael,
Yes, you can ^^
Kind regards,
Erhard
Created on Sep 11, 2017 12:46:31 PM by
I don't understand why the solution can't be posted but can you send me the method to disable TLS1.0. TLS1.0 fails PCI so this should be published for all...
Created on Sep 16, 2017 5:05:47 AM by
Dear 87racer,
Mail's out and here's why we don't post the details publicly (yet).
Kind regards,
Erhard
Created on Sep 18, 2017 7:18:06 AM by
Hello,
I would also like to have this email.
Thanks!
Created on Sep 18, 2017 4:13:35 PM by
Hi Phil,
You've got mail.
Kind regards,
Erhard
Created on Sep 18, 2017 8:07:03 PM by
Last change on Sep 18, 2017 8:07:22 PM by
I need the fix. Thanks in advance
Created on Sep 26, 2017 6:01:04 PM by
Manny, you got mail as well.
Best regards, Felix
Created on Sep 26, 2017 7:08:25 PM by
Can I please also have the TLS 1.0 disable fix ? Thanks
Created on Sep 27, 2017 1:52:00 PM by
Hi unibe_sec_team,
You've got mail.
Kind regards,
Erhard
Created on Sep 28, 2017 9:58:15 AM by
Can I please also have the TLS 1.0 disable fix ? Thanks Its a pain for our PCI compliance
Created on Sep 29, 2017 4:10:12 AM by
Hello Wayne,
You've got mail.
Kind regards,
Erhard
Created on Sep 29, 2017 1:35:10 PM by
Can I please also have the TLS 1.0 disable fix ? Our PCI scans keep failing. Thanks
Created on Oct 2, 2017 3:01:57 PM by
Hi Coop888,
You've got mail.
Kind regards,
Erhard
Created on Oct 2, 2017 5:42:48 PM by
Can I get te mail also to disable TLSv1.0?
Kind regards,
Patrick
Created on Oct 4, 2017 10:31:49 PM by
Hi Patrick,
Sure, mail's out.
Kind regards,
Erhard
Created on Oct 5, 2017 3:11:29 PM by
I need the instruction too. Regards, Michal
Created on Oct 9, 2017 8:18:09 AM by
Hello Michal,
You've got mail.
Kind regards,
Erhard
Created on Oct 9, 2017 12:40:00 PM by
I am running 17.3.32.2478 and need the instructions as well
Created on Oct 24, 2017 4:01:17 PM by
Hello Harleytek,
You've got mail.
Kind regards,
Erhard
Created on Oct 25, 2017 12:31:11 PM by
Hi Erhard,
I'm running PRTG Network Monitor 17.3.33.2830+ do you have also an email for me, to disable TLS 1.0?
Kind Regards Michael
Created on Oct 26, 2017 12:48:12 PM by
Hi Michael,
Sure, mail's out.
Kind regards,
Erhard
Created on Oct 26, 2017 1:43:37 PM by
Hello, i am amazed at the fact this thread is now 3 years old is mostly mailing out the solution. But alas, i too need this email please
Created on Nov 1, 2017 1:46:46 PM by
You got mail Samuel.
Best regards, Felix
Created on Nov 1, 2017 4:57:26 PM by
Please send me the solution.
Created on Nov 4, 2017 6:17:14 PM by
Please send me the temporary fix also. Thank you, Tom
Created on Nov 9, 2017 2:44:56 PM by
Hi guys, please send me the solution to disabling TLS1.0 thanks, Ross
Created on Nov 9, 2017 3:19:51 PM by
Hello, would you be so kind to forward over the solution to the TLS1.0 fix? Thank you!
Please send me the fix for the solution to TLS 1.0 issue. Thanks! -Sam
Created on Nov 15, 2017 2:49:36 PM by
Hi Sam,
Youve got mail.
Kind regards,
Erhard
Created on Nov 15, 2017 3:18:00 PM by
Hi,
Please can you also send the solution to disable TL1.0
Many thanks
Best Regards, Carlo
Created on Nov 23, 2017 10:07:28 PM by
Please send me the fix too! Thanks
Created on Nov 27, 2017 11:24:25 PM by
May I have the mail also please?
Thanks,
May I please get this email?
Created on Dec 13, 2017 6:03:18 PM by
Please send me the email. Thanks
Created on Dec 13, 2017 9:33:49 PM by
Hi, Please can you also send the solution to disable TL1.0 Many thanks Best Regards, Dave
Created on Dec 14, 2017 9:47:47 AM by
Hi, Please can you also send the solution to disable TL1.0
Thanks
Created on Dec 16, 2017 2:11:08 PM by
Please send me the solution to disable TL1.0
Created on Jan 8, 2018 11:14:52 AM by
Hi,
Please can you also send the solution to disable TL1.0 Need it for Windows (IIS), Ubuntu and Debian (apache2)
Thanks
Created on Jan 8, 2018 3:30:39 PM by
Hi kranzfr3d,
I can send you instructions for how to disable TLS 1.0 for PRTG's webserver, not for other webservers. PRTG has a webserver of its own, it's neither IIS nor Apache based.
Kind regards,
Erhard
Created on Jan 9, 2018 9:43:31 AM by
Can you please intructions on how to disable TLS1.0 on the PRTG webserver. Thanks
Mahesh
Created on Jan 11, 2018 3:55:55 PM by
Can I also get these instructions emailed. Thanks in advance.
Created on Jan 15, 2018 10:39:34 PM by
May I please have the secret recipe to disable TLS 1.0 and SSLv3? Thanks!
Created on Jan 19, 2018 3:58:36 AM by
Could we get the intructions also, please?
Thanks.
Created on Jan 23, 2018 5:04:56 PM by
May I please have the secret recipe to disable TLS 1.0 and SSLv3? Thanks!
Created on Feb 1, 2018 4:37:11 PM by
Can you please send me the instructions? Thanks!
Created on Feb 2, 2018 7:30:43 PM by
Dear PRTG team, can i also get the instructions to disable TLS1.0? thanks for this great tool!!!
Created on Feb 7, 2018 10:51:31 PM by
Dear PRTG Team,
can I also get instruction to Disable TSL1.0?
Thanks
Please also send me the mystery email that disables TLS 1.0. We are also failing PCI scans. Thanks!
Created on Feb 14, 2018 7:37:00 PM by
Hi PRTG Team,
Please can I be sent the mystery secret email as well.
Thanks, Rick
Created on Feb 24, 2018 11:49:50 PM by
I need the secret email too. Thanks
Created on Mar 2, 2018 9:06:44 PM by
Is there any progress on being able to disable TLS 1.0 without it removing functionality?
Created on Jul 3, 2018 10:03:31 AM by
Hi Martin,
The options to disable TLS1.0 will officially find their way into version 18.x.43 if all goes well (ETA August 2018), so there is no more tinkering with the registry required. What will not change is that Enterprise Console will no longer work with TLS1.0 disabled, as Enterprise Console is no longer under active development and will be replaced by Desktop Client that is already available for beta testing.
Kind regards,
Erhard
Created on Jul 3, 2018 10:24:39 AM by
As with many others, I too need to remove TLS1.0 from my PRTG probes and servers. May I please have the email detailing how to do this sent to me? Thank you.
Created on Aug 16, 2018 6:19:43 PM by
Hi there,
Sure, you'll receive the mail soon.
Best regards, Felix
Created on Aug 17, 2018 6:19:20 AM by
Can I also have the super-secret email, please?
Created on Aug 17, 2018 4:53:48 PM by
18.3.43.x is now out - does this contain the fix or are we waiting for a different release?
Please May I also have this Work Around .
Created on Aug 27, 2018 12:44:04 AM by
PRTG version 18.x.43 does not yet contain the new webserver settings, it will be part in one of the upcoming releases though. Thanks for bearing with us!
Best regards, Felix
Created on Aug 27, 2018 5:49:50 AM by
Hello
Could you please send me the email also please?
Thank you
Neville
Created on Sep 3, 2018 2:16:35 PM by
Can I please request the PRTG registry fix for tls 1.0?
Created on Sep 10, 2018 10:25:47 AM by
Could I get the intructions also, please?
Best regards Michael
Created on Sep 11, 2018 11:57:00 PM by
Accepted Answer
Option for disabling TLS1.0 is now available starting with version 18.3.44.2054.
Created on Sep 12, 2018 8:43:01 AM by
Last change on Sep 24, 2018 2:13:01 PM by
Could i please get the email for the "fix"
Created on Sep 19, 2018 3:48:03 PM by
Hi support can i have email with fix?
Thx
Created on Jan 24, 2019 8:58:37 AM by
It's already integrated in the latest version of PRTG, update you instance and change the settings via the Setup > System Administration > Web Interface page.
Kind regards,
Felix Saure, Tech Support Team
Created on Jan 24, 2019 9:50:53 AM by
We are on version 19.2.50.2842. If I go to Setup -> System Admin -> User Interface -> Web Interface, the setting there for "High Security" still allows TLS 1.1, i.e.:
High security (TLS 1.1, TLS 1.2)
This issue arose in August 2015. Can we please get a serious response to this need?
Dong,
Can you please update to the latest version of PRTG?
Benjamin Day
Paessler Support
Created on Nov 14, 2019 2:11:43 AM by
This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B. This server supports TLS 1.1. Grade capped to B.
What is the timeline to be able to turn off TLS 1.1 and the weaker DH keys? Running latest version: PRTG Network Monitor 19.4.54.1506 x64
Belz,
Setup > System Administration > User Interface > Web Server > Connection Security" setting.
This needs to be set as "Default Security" or "High Security" in order to only accept TLS 1.2 encryption.
This is in the latest stable release of PRTG, 20.1.55.1775.
Benjamin Day
Technical Support
Created on Feb 14, 2020 2:36:32 AM by
Last change on Feb 14, 2020 2:39:52 AM by
We are running 20.1.56.1547+, and are set to High Security, but the weak keys are still being used. Grade from SSLLABS still capped at a B due to that. TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 1024 bits FS WEAK 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp384r1 (eq. 7680 bits RSA) FS 128 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 1024 bits FS WEAK 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp384r1 (eq. 7680 bits RSA) FS WEAK 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 1024 bits FS WEAK 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 1024 bits FS WEAK 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp384r1 (eq. 7680 bits RSA) FS WEAK 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp384r1 (eq. 7680 bits RSA) FS 256
Timeline for the weak keys to be disabled/remove, or at least have a toggle as to which keys to allow?
Hello
I'm in version 20.1.55.1775. set the connection security to high security TLS1.2 but I still get TLS1.0 and 1.1 enabled. Any way to solve this?
Regards Ricardo
Created on Apr 7, 2020 5:02:37 PM by
Ricardo
Please update to the latest version of PRTG, 20.1.57, and try if this still persists, please open a support ticket.
Benjamin Day
Paessler Support
Created on Apr 8, 2020 4:56:06 PM by
i got the same issue, what is the secret to solve this ? High security (TLS 1.2) acitvated
SSLABS ->
TLS 1.3 No
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 No
SSL 2 No
and i'm running PRTG Network Monitor 20.3.60.1623 x64
regards, Jannick
Created on Sep 30, 2020 7:38:10 AM by
Last change on Sep 30, 2020 9:11:13 PM by
Jannick,
Can you please update to the latest stable release of PRTG, and try this again?
Benjamin Day
[Paessler Support]
Created on Sep 30, 2020 9:11:53 PM by
May I please get the email on disabling TLS 1.0 for version 14.3. we have it running just for ICMP polling on an environment and no need to upgrade at this time.
Created on Dec 17, 2020 8:34:07 PM by
Miguel,
At this time we only support versions with active maintenance and released within the last calendar year.
Benjamin Day
[Paessler Support]
Created on Dec 18, 2020 9:28:16 PM by
Hi Could i have the hidden fix as this is also causing me issues with pci compliance
Created on Jul 19, 2022 9:17:33 PM by
Vince,
In the current stable release of PRTG, the default web server security setting is to use only TLS 1.2. So as long as you're running version 22.2.77, you should be good to go.
Benjamin Day
[Paessler Support]
Created on Jul 20, 2022 2:21:19 PM by
Hi, may I have the magic fix to disable tls1.0 on older PRTG too? Thanks.
Created on May 23, 2023 8:43:05 AM by
Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.
Add comment