What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general.

Learn more

PRTG Network Monitor

Intuitive to Use. Easy to manage.
More than 500,000 users rely on Paessler PRTG every day. Find out how you can reduce cost, increase QoS and ease planning, as well.

Free Download

Top Tags


View all Tags

Is there a way to disable SSLv3 and TLSv1.0 support for the PRTG Web server? And can I disable the S

Votes:

0

Your Vote:

Up

Down

We keep failing PCI DSS external network scans because they detect that SSLv3 and TLSv1.0 are supported by the PRTG Web server, as well as the PRTG Demo Certificate still using the SHA-1 signature algorithm. Is it possible to disable support for these protocols/algorithm?

pci ssl ssl-certificate tls

Created on Aug 30, 2015 4:12:16 AM by  MorganL (10) 1



Best Answer

Accepted Answer

Votes:

0

Your Vote:

Up

Down

Option for disabling TLS1.0 is now available starting with version 18.3.44.2054.

Created on Sep 12, 2018 8:43:01 AM by  Erhard Mikulik [Paessler Support]

Last change on Sep 24, 2018 2:13:01 PM by  Erhard Mikulik [Paessler Support]



197 Replies

Votes:

0

Your Vote:

Up

Down

Hi Matt,

PRTG supports SSL connections via TLS 1.2 since version 14.x.12 or later. If you are using an older version, update to the latest release to enable the new security features.

For more detailed information, please have a look at the PRTG Network Monitor Security Features

Best regards, Felix

Created on Aug 31, 2015 8:00:34 AM by  Felix Saure [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Felix,

I'm on the current version (15.3.18.3616). I know it supports the newer versions, my problem is that it also still supports the old versions. I need PRTG to not support the old versions.

In searching for an answer, I found a webpage that listed a fix from you that I couldn't find in the Paessler KB. It references "OverrideSSLVersion" and "OverrideSSLCipher" registry entries. Would these be a possible solution for removing SSLv3 and TLSv1.0 support from my PRTG installation?

Created on Aug 31, 2015 9:12:35 PM by  MorganL (10) 1



Votes:

1

Your Vote:

Up

Down

Hi,

This won't be necessary as the webserver rejects SSLv3 connections. Please check the Setup > System Administration > User Interface > Web Server > SSL Security" setting. This needs to be set as "High Security" in order to only accept TLS 1.2 encryption.

Best regards

Created on Sep 1, 2015 4:10:57 AM by  Felix Saure [Paessler Support]



Votes:

0

Your Vote:

Up

Down

I made the suggested setting change and it would appear that TLS1.0 is still supported. Running a scan on https://www.ssllabs.com/ssltest, as well as the scan run by our payment processor both show that TLS 1.2, 1.1, and 1.0 are all supported. However, SSL 2 and 3 have been successfully disabled.

Created on Sep 11, 2015 12:26:17 AM by  MorganL (10) 1



Votes:

0

Your Vote:

Up

Down

Hi Matt,

I just discussed this case with our development and you are correct, TLS 1.0 and TLS 1.1 connections are accepted by the PRTG webserver within the current version of PRTG.

Best regards, Felix

Created on Sep 15, 2015 6:44:00 AM by  Felix Saure [Paessler Support]



Votes:

0

Your Vote:

Up

Down

So is there a way I can disable TLS 1.0?

Created on Sep 15, 2015 5:32:06 PM by  MorganL (10) 1



Votes:

0

Your Vote:

Up

Down

We are currently working on a solution to block TLS 1.0. Meanwhile, this needs to either be configured on a firewall or the client machines. You might want to follow This Article to disable TLS 1.0 in the web browser. Please bear with us.

Best regards, Felix

Created on Sep 16, 2015 9:40:23 AM by  Felix Saure [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Has there been any update to this issue? We are running into the same issue, preventing us from passing our PCI-DSS Penetration Test?

Created on Dec 23, 2015 10:09:39 PM by  Ingrambw (0)



Votes:

0

Your Vote:

Up

Down

Hi,

TLS 1.0 connections still need to be disabled on the client machine or within a firewall inbetween, sorry.

Best regards,

Created on Dec 28, 2015 6:17:42 AM by  Felix Saure [Paessler Support]



Votes:

0

Your Vote:

Up

Down

any update on this?

Created on May 26, 2016 4:28:46 PM by  kube1984 (600) 3 1



Votes:

0

Your Vote:

Up

Down

Dear Kube,

I'm afraid that we don't have an update yet.

Best regards, Felix

Created on May 27, 2016 5:22:20 AM by  Felix Saure [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hi team. Has there been any movement on this? This issue is now nearly 1 year old and failing PCI scans is becoming harder to justify for such a simple issue.

Created on Aug 19, 2016 5:50:11 AM by  Andre Swigon (0) 2



Votes:

0

Your Vote:

Up

Down

Hi Andre,

It's currently being worked on to be released later this year in case all goes well.

Kind regards.

Created on Aug 22, 2016 11:14:42 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hi, do you have any updated ETA on this? Since the SSL Security Check sensor in PRTG itself now is flagging TLSv1 as Weak, I have no way of correcting this warning without removing the remote monitoring of our PRTG installation.

Created on Oct 11, 2016 8:49:04 AM by  runnane (20) 1



Votes:

0

Your Vote:

Up

Down

Hi runnane,

Yes, we just released 16.4.27.6720 where you can change how the sensor rates TLS 1.0.

Do an update check in PRTG and install the new version, then you can apply the new settings.

Kind regards,

Erhard

Created on Oct 11, 2016 10:10:33 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Dear PRTG,

Are you serious? You determine TLS 1.0 as weak but don't support deactivating it in your own software??? And your solution is to manipulate the rating?

Wow...

Created on Oct 12, 2016 6:45:33 AM by  Dennis W (0)



Votes:

0

Your Vote:

Up

Down

Dear Dennis,

Of course we are aware of the irony. Just to be clear: This workaround has not been implemented due to the circumstance that PRTG does not support deactivating TLS 1.0 for its own webserver at the moment.

The thing is, there are many users out there and while some need the sensor to sound the alarm when TLS1.0 is supported, others do not want this or at least not for every device for several reasons. Now instead of instructing how to tinker manually with the used lookups in the sensor, we decided to provide alternate lookups ourselves to switch the behavior. Otherwise -once you use selfmade lookups- future changes to the sensor may not work because of the custom lookups.

As for "our homework" regarding TLS1.0: We are working on deactivating TLS 1.0 for PRTG, but it's a little more complicated than just flicking a switch since there are several dependencies around that which have further implications that might even break certain sensors if we would just shut off TLS1.0.

Kind regards,

Erhard

Created on Oct 13, 2016 3:31:32 PM by  Erhard Mikulik [Paessler Support]

Last change on Oct 13, 2016 3:35:57 PM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hi,

Is there an update to this? Or a time-frame at the least? We also require this.

Created on Jan 31, 2017 11:44:48 PM by  MattS (0)



Votes:

0

Your Vote:

Up

Down

Hi Matt,

You're got mail.

Kind regards,

Erhard

Created on Feb 1, 2017 1:40:09 PM by  Erhard Mikulik [Paessler Support]

Last change on Feb 1, 2017 1:40:22 PM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hi Erhard,

we are also interested for a update or a solution.

Thank You.

Best regards, Sebastian

Created on Feb 3, 2017 3:58:24 PM by  soehl (0)



Votes:

0

Your Vote:

Up

Down

@Sebastian: You've got mail.

Kind regards,

Erhard

Created on Feb 6, 2017 8:59:28 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hi guys. Any update on this? PRTG is causing my PCI scan to fail and I really need to disable TLS1.0 and SSL3.

Created on Feb 7, 2017 12:35:42 AM by  Andre Swigon (0) 2



Votes:

0

Your Vote:

Up

Down

Hi Andre,

You too have got mail.

Kind regards,

Erhard

Created on Feb 7, 2017 12:16:36 PM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Could i get mail as well regarding this issue? Thanks

Created on Feb 7, 2017 5:49:16 PM by  MorganL (10) 1



Votes:

0

Your Vote:

Up

Down

Hi Matt,

Sure, you've got mail.

Kind regards,

Erhard

Created on Feb 8, 2017 7:30:58 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hi Erhard,

I'm also interested in a solution to disable TLS 1.0

Regards.

Created on Feb 17, 2017 1:18:40 PM by  BrunoZ (0) 1



Votes:

0

Your Vote:

Up

Down

Hi Bruno,

Sure, you've got mail.

Kind regards,

Erhard

Created on Feb 17, 2017 2:00:35 PM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hi Erhard, I also need a solution to disable TLS 1.0. Best,

Created on Feb 18, 2017 9:18:51 AM by  Luc (0)



Votes:

0

Your Vote:

Up

Down

Hi Erhards. May I also get a solution to disable TLS1.0 on my system? Thank you, best regards.

Created on Feb 22, 2017 7:14:27 AM by  jvazac (0)



Votes:

0

Your Vote:

Up

Down

Hi jvazac,

Sure, you've got mail.

Kind regards,

Erhard

Created on Feb 22, 2017 8:16:54 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hi Erhard, I would also like this solution. Thanks.

Created on Feb 22, 2017 4:14:39 PM by  ebeville (0)



Votes:

0

Your Vote:

Up

Down

Hi ebeville,

Sure, you've got mail.

Kind regards,

Erhard

Created on Feb 23, 2017 11:49:19 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hi,

Would it be possible to receive the solution as well please?

Many Thanks,

Aston

Created on Mar 1, 2017 4:04:03 PM by  dehsinotsa (1) 1



Votes:

0

Your Vote:

Up

Down

Please keep working on a solution. Cert scans are failing on PRTG. I can't pass PCI DSS this year if I also run PRTG. Also put me on the mailing list. Thanks

Created on Mar 1, 2017 7:16:52 PM by  lwdbos (0)



Votes:

0

Your Vote:

Up

Down

Hello Aston, hello lwdbos,

Both of you got mail to your email addresses used for registering in our knowledgebase.

Kind regards,

Erhard

Created on Mar 2, 2017 12:09:42 PM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

We also need to disable TLS1 and 1.1 as we are being dinged on 3rd party security scans required for our audit.

Created on Mar 6, 2017 8:45:14 PM by  Cory Jaeger (0)



Votes:

0

Your Vote:

Up

Down

Hello Cory,

You've got mail.

Kind regards,

Erhard

Created on Mar 8, 2017 9:29:25 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Can I please have the solution to this as also failing PCI

Created on Mar 8, 2017 12:04:55 PM by  dancunliffe (0)



Votes:

0

Your Vote:

Up

Down

Hello Dan,

And you too have got mail.

Kind regards,

Erhard

Created on Mar 8, 2017 2:16:27 PM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

I need to remove TLS 1.0 as well. Would you please email me the information ? Thanks

Created on Mar 13, 2017 7:32:04 PM by  wdunkin (0) 1



Votes:

0

Your Vote:

Up

Down

Can i get this as well. thanks

Created on Mar 13, 2017 7:50:35 PM by  kube1984 (600) 3 1



Votes:

0

Your Vote:

Up

Down

@wdkunkin & kube1984: You've got mail.

Kind regards,

Erhard

Created on Mar 14, 2017 10:01:24 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hi, can you please help me as well?? I need to pass our audit!

Created on Mar 16, 2017 2:37:32 PM by  Yeow Tiong Tan (0)



Votes:

0

Your Vote:

Up

Down

Dear Tan, because we are already in email contact with you, I suggest to keep on that communication source.

Best,
Sebastian

Created on Mar 17, 2017 6:37:36 AM by  Sebastian Kniege [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hi. I'd be interested in how we can disable TLS 1.0.

Created on Mar 28, 2017 12:18:10 PM by  Martin (0)



Votes:

0

Your Vote:

Up

Down

Hi mchapman,

You've got mail.

Kind regards,

Erhard

Created on Mar 28, 2017 2:54:06 PM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

We are also facing PCI DSS and need to disable. Can I please get the e-mail? /Andreas

Created on Mar 29, 2017 2:32:29 PM by  anjo (0)



Votes:

0

Your Vote:

Up

Down

Hello Andreas,

Sure, mail just went out.

Kind regards,

Erhard

Created on Mar 29, 2017 2:45:41 PM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hi, Please also send me the email.

Created on Apr 5, 2017 10:54:42 AM by  quivos (0)



Votes:

0

Your Vote:

Up

Down

My InfoSec team just said this server is causing us to fail our PCI external scans. Any update on this capability being built in yet or can I get the email that seems to have a solution?

Created on Apr 17, 2017 2:20:32 PM by  TCS_Obrien (0)



Votes:

0

Your Vote:

Up

Down

Check your mailbox TCS-Obrien, you got mail.

Created on Apr 17, 2017 4:40:03 PM by  Felix Saure [Paessler Support]



Votes:

0

Your Vote:

Up

Down

So, why don't we just post the solution instead of sending individual emails? I'm failing security scans too since I can't disable TLS 1.0 on PRTG.

Created on Apr 18, 2017 11:15:47 PM by  michaelb (0)



Votes:

0

Your Vote:

Up

Down

Please can you also send the solution to disable TL1.0

thanks

Created on Apr 20, 2017 2:40:46 PM by  khurram (0)



Votes:

0

Your Vote:

Up

Down

We would also like the solution. Could you please email it to me as well? Thank you.

Created on Apr 20, 2017 9:13:18 PM by  MattS (0)



Votes:

0

Your Vote:

Up

Down

Can I also receive this email...

Created on Apr 21, 2017 4:07:50 PM by  mchianese (0)



Votes:

0

Your Vote:

Up

Down

Another request for the secret email, please!

Created on Apr 24, 2017 5:42:51 PM by  Mike Garb (29) 1



Votes:

0

Your Vote:

Up

Down

Everybody should have received the instructions, otherwise please let us know in case we overlooked someone.

Kind regards,

Erhard

Created on Apr 25, 2017 8:11:37 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hello Erhard,

Could I have this mystery email also? :-)

Thanks in advance!

Regards Mikkel

Created on May 4, 2017 7:18:31 PM by  MNimand (0)



Votes:

0

Your Vote:

Up

Down

Hi Mikkel,

Erhard is not here today, but I just sent the information. :)

Best regards, Felix

Created on May 5, 2017 8:34:45 AM by  Felix Saure [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Can I also be sent the fix? Thanks

Created on May 9, 2017 4:08:20 PM by  mspitz (0)



Votes:

0

Your Vote:

Up

Down

Hi mspitz,

You've got mail.

Kind regards,

Erhard

Created on May 9, 2017 7:14:22 PM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Please, forward the email to me also.

Thanks,

Hans

Created on May 26, 2017 4:10:18 PM by  hskaret (0)



Votes:

0

Your Vote:

Up

Down

Can I have the fix too please.

Created on May 28, 2017 9:16:25 PM by  craigreynoldsenable (0)



Votes:

0

Your Vote:

Up

Down

Craig & Hans, you've got mail.

Kind regards,

Erhard

Created on May 29, 2017 11:23:52 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hi Erhard,

I need your email also ;-)

Thanks, Rainer

Created on May 30, 2017 1:08:39 PM by  Rainer Breidling (0)



Votes:

0

Your Vote:

Up

Down

Can I have the fix too please.

Created on May 30, 2017 1:41:08 PM by  Patrick Gürtler (0)



Votes:

0

Your Vote:

Up

Down

Please can you send me the fix - I need TLS1.0 to be gone from my systems.

thanks.

Created on Jun 1, 2017 10:50:01 AM by  philw (0)



Votes:

0

Your Vote:

Up

Down

Hello Phil,

You've got mail.

Kind regards,

Erhard

Created on Jun 1, 2017 12:50:06 PM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

I would also like the fix.

Thank you.

Created on Jun 5, 2017 3:58:02 PM by  brianyoung (0)



Votes:

0

Your Vote:

Up

Down

Hello Brian,

You've got mail.

Kind regards,

Erhard

Created on Jun 5, 2017 4:09:15 PM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Could you send me the fix to?

Kind regards, Jeroen

Created on Jun 6, 2017 8:32:00 AM by  jwarnar1980 (0)



Votes:

0

Your Vote:

Up

Down

Hello Jeroen,

You've got mail.

Kind regards,

Erhard

Created on Jun 6, 2017 8:43:03 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hi Erhard, I need your email also to disable TLS 1.0 ;-) Thanks, Nathan

Created on Jun 8, 2017 2:25:22 AM by  maxsoft (0)



Votes:

0

Your Vote:

Up

Down

Hi Nathan,

Sure, you've got mail.

Kind regards,

Erhard

Created on Jun 8, 2017 9:27:48 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hi Erhard, I'd like this too.

thanks, Bruce.

Created on Jun 8, 2017 11:10:29 AM by  shropshire (0)



Votes:

0

Your Vote:

Up

Down

Hi Bruce,

Mail's out.

Kind regards,

Erhard

Created on Jun 8, 2017 3:00:15 PM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

We need to solution to disable TLS 1.0 on PRTG. Thanks

Created on Jun 10, 2017 1:55:06 AM by  cheejack_ng (0)



Votes:

0

Your Vote:

Up

Down

Hello cheejack_ng,

You've got mail.

Kind regards,

Erhard

Created on Jun 12, 2017 6:37:49 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hi Erhard,

can you share that with me as well?

Created on Jun 15, 2017 3:43:31 AM by  unraveller (0)



Votes:

0

Your Vote:

Up

Down

Hi unraveller,

Yes, I can and I just did (mail's out) :)

Kind regards,

Erhard

Created on Jun 16, 2017 8:08:13 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

I would like instructions on how to disable tls 1.0.

Created on Jun 19, 2017 4:01:28 PM by  dquick (0)



Votes:

0

Your Vote:

Up

Down

Hello dquick,

You've got mail.

Kind regards,

Erhard

Created on Jun 20, 2017 6:27:51 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hi, Please could you send the instruction to myself as well?

Thanks Mark

Created on Jun 21, 2017 4:31:09 PM by  MDennison (0)



Votes:

0

Your Vote:

Up

Down

Can I also get the instructions how to disable TLS 1.0 please? many thanks

Created on Jun 22, 2017 8:32:56 AM by  Dieter Wallak (0)



Votes:

0

Your Vote:

Up

Down

One more for these secret cannot be posted instructions.

Created on Jun 26, 2017 5:09:33 PM by  mtousignant (0)



Votes:

0

Your Vote:

Up

Down

Hi Erhard, Could you pass details on for this to me? need to pass our audit.

Created on Jul 2, 2017 9:32:50 PM by  amac (0)



Votes:

0

Your Vote:

Up

Down

You'd save yourselves a bit of work, and customers a bit of time having to register for a forum account, if you'd simply release a knowledgebase article. In the meantime, can you email me the instructions, please?

Created on Jul 3, 2017 9:03:46 AM by  RalphP (20) 1



Votes:

0

Your Vote:

Up

Down

I sent the instructions to both of you.

Best regards, Felix

Created on Jul 4, 2017 11:53:39 AM by  Felix Saure [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Can I have the secret magic email too please.

Created on Jul 4, 2017 3:29:34 PM by  markyk (0)



Votes:

0

Your Vote:

Up

Down

Can I have the fix too please.

Created on Jul 4, 2017 3:34:21 PM by  Björn A Svensson (0)



Votes:

0

Your Vote:

Up

Down

The "Magic Mail" got sent. :)

Created on Jul 5, 2017 11:31:27 AM by  Felix Saure [Paessler Support]



Votes:

0

Your Vote:

Up

Down

May I too have this magic to disable TLS 1.0? :)

Created on Jul 5, 2017 9:21:16 PM by  Gakusei (0) 1



Votes:

0

Your Vote:

Up

Down

Can I have the fix too please.

Created on Jul 7, 2017 12:52:36 PM by  Martin Hellmich (0)



Votes:

0

Your Vote:

Up

Down

Hello Martin,

You've got mail.

Kind regards,

Erhard

Created on Jul 11, 2017 8:56:57 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Can some one send me the steps to disabling TLS 1.0

Created on Jul 13, 2017 4:54:16 PM by  Ernesto (70) 1 1



Votes:

0

Your Vote:

Up

Down

Hello Ernesto,

You've got mail.

Kind regards,

Erhard

Created on Jul 13, 2017 7:59:06 PM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Can I please also get this magic email to disable TLS 1.0?

Thanks!

Created on Jul 14, 2017 7:51:12 PM by  radumelnic (0)



Votes:

0

Your Vote:

Up

Down

Hello radumelnic,

Please check your emails.

Best,
Sebastian

Created on Jul 17, 2017 5:34:57 AM by  Sebastian Kniege [Paessler Support]



Votes:

0

Your Vote:

Up

Down

please send me the fix, also failing PCI scans as need to disable

•The following SSL/TLS cipher suites use Diffie-Hellman a prime modulus smaller than 2048 bits: •TLS 1.0 ciphers: •TLS_DHE_RSA_WITH_AES_256_CBC_SHA with a Diffie-Hellman prime modulus of 1024 bits

•TLS 1.1 ciphers: •TLS_DHE_RSA_WITH_AES_256_CBC_SHA with a Diffie-Hellman prime modulus of 1024 bits

Created on Jul 20, 2017 1:57:44 PM by  Mike Freestone (0)



Votes:

0

Your Vote:

Up

Down

We also need to disable tls 1.1 for PCI scanning

Created on Jul 20, 2017 2:57:47 PM by  Mike Freestone (0)



Votes:

0

Your Vote:

Up

Down

Hi Mike,

You've got mail.

Kind regards,

Erhard

Created on Jul 21, 2017 8:49:28 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Why hasn't the solution to disable TLS 1.0 not been posted publicly? It seems a little ridiculous that your emailing each individual customer with the solution. Can I please get this secret information update sent to me?

Created on Jul 26, 2017 7:43:21 PM by  unluck (20) 1



Votes:

0

Your Vote:

Up

Down

Can I get the email too?

Created on Jul 27, 2017 9:24:31 PM by  rcary (0)



Votes:

0

Your Vote:

Up

Down

@rcary: You've got mail.

@unluck: Point taken. Since the workaround has a few culprits like Enterprise Console not working anymore, we decided to not publish it and only give it out to people explicitly asking for it, you could have also sent us an email about it.

Thing is, depending on how it will be finally implemented later in PRTG, we might need to contact the users who have applied the "reghack" to adjust something (if necessary, you never know....).

By handling it like this, we can at least keep track of the people who were handed out the details so far.

Kind regards,

Erhard

Created on Jul 28, 2017 10:58:12 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

We also need to disable TLSv1.0 - can I get the Mail? Steffen

Created on Aug 10, 2017 4:45:24 AM by  Steffen (18) 1



Votes:

0

Your Vote:

Up

Down

Hi Steffen,

You've got mail.

Kind regards,

Erhard

Created on Aug 10, 2017 7:31:36 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hi,

Please can you send me the relevant info too?

Thanks,

Nik

Created on Aug 11, 2017 11:03:05 AM by  cryptonik (0)



Votes:

0

Your Vote:

Up

Down

Hi Nik,

Sure, mail's out.

Kind regards,

Erhard

Created on Aug 11, 2017 11:35:28 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

I would like this super secret email please.

Created on Aug 12, 2017 3:07:31 AM by  pjs5406 (0)



Votes:

0

Your Vote:

Up

Down

Hello pjs5406,

You've got mail.

Kind regards,

Erhard

Created on Aug 14, 2017 12:07:23 PM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Please send us these instructions.

Created on Aug 15, 2017 8:41:51 PM by  kennethlibeson (0)



Votes:

0

Your Vote:

Up

Down

Hello Kenneth,

You've got mail.

Kind regards,

Erhard

Created on Aug 16, 2017 7:09:01 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

can i have the instructions please

Created on Sep 2, 2017 3:16:43 PM by  gberry11 (0)



Votes:

0

Your Vote:

Up

Down

Please also send the instructions to me.

Kind Regards, Thomas.

Created on Sep 5, 2017 8:59:03 AM by  Thomas (0) 1



Votes:

0

Your Vote:

Up

Down

Hi Thomas,

You've got mail.

Kind regards,

Erhard

Created on Sep 5, 2017 9:18:05 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Can you send me this email?

Best regards, Ernest

Created on Sep 7, 2017 2:26:37 AM by  sav25-ernestclyde (0)



Votes:

0

Your Vote:

Up

Down

Hi Ernest,

Sure, you've got mail.

Kind regards,

Erhard

Created on Sep 7, 2017 7:32:46 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Could I also have the secret squirrel email please... :)

Created on Sep 11, 2017 10:41:08 AM by  michaelrouse (0)



Votes:

0

Your Vote:

Up

Down

Hi Michael,

Yes, you can ^^

Squirrel

Kind regards,

Erhard

Created on Sep 11, 2017 12:46:31 PM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

I don't understand why the solution can't be posted but can you send me the method to disable TLS1.0. TLS1.0 fails PCI so this should be published for all...

Created on Sep 16, 2017 5:05:47 AM by  87racer (0)



Votes:

0

Your Vote:

Up

Down

Dear 87racer,

Mail's out and here's why we don't post the details publicly (yet).

Kind regards,

Erhard

Created on Sep 18, 2017 7:18:06 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hello,

I would also like to have this email.

Thanks!

Created on Sep 18, 2017 4:13:35 PM by  Phil Bigler (0)



Votes:

0

Your Vote:

Up

Down

Hi Phil,

You've got mail.

Kind regards,

Erhard

Created on Sep 18, 2017 8:07:03 PM by  Erhard Mikulik [Paessler Support]

Last change on Sep 18, 2017 8:07:22 PM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

I need the fix. Thanks in advance

Created on Sep 26, 2017 6:01:04 PM by  Manny (0)



Votes:

0

Your Vote:

Up

Down

Manny, you got mail as well.

Best regards, Felix

Created on Sep 26, 2017 7:08:25 PM by  Felix Saure [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Can I please also have the TLS 1.0 disable fix ? Thanks

Created on Sep 27, 2017 1:52:00 PM by  unibe_sec_team (0)



Votes:

0

Your Vote:

Up

Down

Hi unibe_sec_team,

You've got mail.

Kind regards,

Erhard

Created on Sep 28, 2017 9:58:15 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Can I please also have the TLS 1.0 disable fix ? Thanks Its a pain for our PCI compliance

Created on Sep 29, 2017 4:10:12 AM by  waynelkl (0)



Votes:

0

Your Vote:

Up

Down

Hello Wayne,

You've got mail.

Kind regards,

Erhard

Created on Sep 29, 2017 1:35:10 PM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Can I please also have the TLS 1.0 disable fix ? Our PCI scans keep failing. Thanks

Created on Oct 2, 2017 3:01:57 PM by  Coop888 (0)



Votes:

0

Your Vote:

Up

Down

Hi Coop888,

You've got mail.

Kind regards,

Erhard

Created on Oct 2, 2017 5:42:48 PM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Can I get te mail also to disable TLSv1.0?

Kind regards,

Patrick

Created on Oct 4, 2017 10:31:49 PM by  Patrick Maurer (0)



Votes:

0

Your Vote:

Up

Down

Hi Patrick,

Sure, mail's out.

Kind regards,

Erhard

Created on Oct 5, 2017 3:11:29 PM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

I need the instruction too. Regards, Michal

Created on Oct 9, 2017 8:18:09 AM by  pruscix (0)



Votes:

0

Your Vote:

Up

Down

Hello Michal,

You've got mail.

Kind regards,

Erhard

Created on Oct 9, 2017 12:40:00 PM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

I am running 17.3.32.2478 and need the instructions as well

Created on Oct 24, 2017 4:01:17 PM by  Hi-TexSolutions (0)



Votes:

0

Your Vote:

Up

Down

Hello Harleytek,

You've got mail.

Kind regards,

Erhard

Created on Oct 25, 2017 12:31:11 PM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hi Erhard,

I'm running PRTG Network Monitor 17.3.33.2830+ do you have also an email for me, to disable TLS 1.0?

Kind Regards Michael

Created on Oct 26, 2017 12:48:12 PM by  Emschma (0)



Votes:

0

Your Vote:

Up

Down

Hi Michael,

Sure, mail's out.

Kind regards,

Erhard

Created on Oct 26, 2017 1:43:37 PM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hello, i am amazed at the fact this thread is now 3 years old is mostly mailing out the solution. But alas, i too need this email please

Created on Nov 1, 2017 1:46:46 PM by  Samuel Ashdown (62) 1 1



Votes:

0

Your Vote:

Up

Down

You got mail Samuel.

Best regards, Felix

Created on Nov 1, 2017 4:57:26 PM by  Felix Saure [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Please send me the solution.

Created on Nov 4, 2017 6:17:14 PM by  katmo (0)



Votes:

0

Your Vote:

Up

Down

Please send me the temporary fix also. Thank you, Tom

Created on Nov 9, 2017 2:44:56 PM by  thoff (0)



Votes:

0

Your Vote:

Up

Down

Hi guys, please send me the solution to disabling TLS1.0 thanks, Ross

Created on Nov 9, 2017 3:19:51 PM by  Ross Wunder (0) 1



Votes:

0

Your Vote:

Up

Down

Hello, would you be so kind to forward over the solution to the TLS1.0 fix? Thank you!

Created on Nov 14, 2017 7:39:34 PM by  Peter (50) 1 1



Votes:

0

Your Vote:

Up

Down

Please send me the fix for the solution to TLS 1.0 issue. Thanks! -Sam

Created on Nov 15, 2017 2:49:36 PM by  sambourque (0)



Votes:

0

Your Vote:

Up

Down

Hi Sam,

Youve got mail.

Kind regards,

Erhard

Created on Nov 15, 2017 3:18:00 PM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hi,

Please can you also send the solution to disable TL1.0

Many thanks

Best Regards, Carlo

Created on Nov 23, 2017 10:07:28 PM by  carloschriever (0)



Votes:

0

Your Vote:

Up

Down

Please send me the fix too! Thanks

Created on Nov 27, 2017 11:24:25 PM by  bulldoza (0)



Votes:

0

Your Vote:

Up

Down

May I have the mail also please?

Thanks,

Created on Dec 8, 2017 2:53:14 AM by  a4x4kiwi (1) 1



Votes:

0

Your Vote:

Up

Down

May I please get this email?

Created on Dec 13, 2017 6:03:18 PM by  FourWindsNetworkServices (0)



Votes:

0

Your Vote:

Up

Down

Please send me the email. Thanks

Created on Dec 13, 2017 9:33:49 PM by  mgladden (0)



Votes:

0

Your Vote:

Up

Down

Hi, Please can you also send the solution to disable TL1.0 Many thanks Best Regards, Dave

Created on Dec 14, 2017 9:47:47 AM by  Withers (0)



Votes:

0

Your Vote:

Up

Down

Hi, Please can you also send the solution to disable TL1.0

Thanks

Created on Dec 16, 2017 2:11:08 PM by  wweghorst (0)



Votes:

0

Your Vote:

Up

Down

Please send me the solution to disable TL1.0

Created on Jan 8, 2018 11:14:52 AM by  lucas (0)



Votes:

0

Your Vote:

Up

Down

Hi,

Please can you also send the solution to disable TL1.0 Need it for Windows (IIS), Ubuntu and Debian (apache2)

Thanks

Created on Jan 8, 2018 3:30:39 PM by  kranzfr3d (0)



Votes:

0

Your Vote:

Up

Down

Hi kranzfr3d,

I can send you instructions for how to disable TLS 1.0 for PRTG's webserver, not for other webservers. PRTG has a webserver of its own, it's neither IIS nor Apache based.

Kind regards,

Erhard

Created on Jan 9, 2018 9:43:31 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Can you please intructions on how to disable TLS1.0 on the PRTG webserver. Thanks

Mahesh

Created on Jan 11, 2018 3:55:55 PM by  Mahesh (0)



Votes:

0

Your Vote:

Up

Down

Can I also get these instructions emailed. Thanks in advance.

Created on Jan 15, 2018 10:39:34 PM by  Radioman (0)



Votes:

0

Your Vote:

Up

Down

May I please have the secret recipe to disable TLS 1.0 and SSLv3? Thanks!

Created on Jan 19, 2018 3:58:36 AM by  fmiit (0)



Votes:

0

Your Vote:

Up

Down

Could we get the intructions also, please?

Thanks.

Created on Jan 23, 2018 5:04:56 PM by  intuitivltd (20) 1



Votes:

0

Your Vote:

Up

Down

May I please have the secret recipe to disable TLS 1.0 and SSLv3? Thanks!

Created on Feb 1, 2018 4:37:11 PM by  ttayl0 (0)



Votes:

0

Your Vote:

Up

Down

Can you please send me the instructions? Thanks!

Created on Feb 2, 2018 7:30:43 PM by  amy (0)



Votes:

0

Your Vote:

Up

Down

Dear PRTG team, can i also get the instructions to disable TLS1.0? thanks for this great tool!!!

Created on Feb 7, 2018 10:51:31 PM by  pablovazquez (0)



Votes:

0

Your Vote:

Up

Down

Dear PRTG Team,

can I also get instruction to Disable TSL1.0?

Thanks

Created on Feb 12, 2018 9:36:26 PM by  rserbia (0) 1



Votes:

0

Your Vote:

Up

Down

Please also send me the mystery email that disables TLS 1.0. We are also failing PCI scans. Thanks!

Created on Feb 14, 2018 7:37:00 PM by  mframpton (0)



Votes:

0

Your Vote:

Up

Down

Hi PRTG Team,

Please can I be sent the mystery secret email as well.

Thanks, Rick

Created on Feb 24, 2018 11:49:50 PM by  RickSargent (0)



Votes:

0

Your Vote:

Up

Down

I need the secret email too. Thanks

Created on Mar 2, 2018 9:06:44 PM by  ryanhedlof (0)



Votes:

0

Your Vote:

Up

Down

Is there any progress on being able to disable TLS 1.0 without it removing functionality?

Created on Jul 3, 2018 10:03:31 AM by  Martin (0)



Votes:

0

Your Vote:

Up

Down

Hi Martin,

The options to disable TLS1.0 will officially find their way into version 18.x.43 if all goes well (ETA August 2018), so there is no more tinkering with the registry required. What will not change is that Enterprise Console will no longer work with TLS1.0 disabled, as Enterprise Console is no longer under active development and will be replaced by Desktop Client that is already available for beta testing.

Kind regards,

Erhard

Created on Jul 3, 2018 10:24:39 AM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

As with many others, I too need to remove TLS1.0 from my PRTG probes and servers. May I please have the email detailing how to do this sent to me? Thank you.

Created on Aug 16, 2018 6:19:43 PM by  dmaxwell (0)



Votes:

0

Your Vote:

Up

Down

Hi there,

Sure, you'll receive the mail soon.

Best regards, Felix

Created on Aug 17, 2018 6:19:20 AM by  Felix Saure [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Can I also have the super-secret email, please?

Created on Aug 17, 2018 4:53:48 PM by  Rob Moss (0)



Votes:

0

Your Vote:

Up

Down

18.3.43.x is now out - does this contain the fix or are we waiting for a different release?

Created on Aug 26, 2018 11:29:39 PM by  Mogz (30) 2



Votes:

0

Your Vote:

Up

Down

Please May I also have this Work Around .

Created on Aug 27, 2018 12:44:04 AM by  richardgordon42 (0)



Votes:

0

Your Vote:

Up

Down

PRTG version 18.x.43 does not yet contain the new webserver settings, it will be part in one of the upcoming releases though. Thanks for bearing with us!

Best regards, Felix

Created on Aug 27, 2018 5:49:50 AM by  Felix Saure [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Hello

Could you please send me the email also please?

Thank you

Neville

Created on Sep 3, 2018 2:16:35 PM by  nbillimoria (0) 1



Votes:

0

Your Vote:

Up

Down

Can I please request the PRTG registry fix for tls 1.0?

Created on Sep 10, 2018 10:25:47 AM by  narayanadhikari (0) 1



Votes:

0

Your Vote:

Up

Down

Could I get the intructions also, please?

Best regards Michael

Created on Sep 11, 2018 11:57:00 PM by  Wolfskind (0)



Accepted Answer

Votes:

0

Your Vote:

Up

Down

Option for disabling TLS1.0 is now available starting with version 18.3.44.2054.

Created on Sep 12, 2018 8:43:01 AM by  Erhard Mikulik [Paessler Support]

Last change on Sep 24, 2018 2:13:01 PM by  Erhard Mikulik [Paessler Support]



Votes:

0

Your Vote:

Up

Down

Could i please get the email for the "fix"

Created on Sep 19, 2018 3:48:03 PM by  markeh (0)



Votes:

0

Your Vote:

Up

Down

Hi support can i have email with fix?

Thx

Created on Jan 24, 2019 8:58:37 AM by  vdafcik (0)



Votes:

0

Your Vote:

Up

Down

It's already integrated in the latest version of PRTG, update you instance and change the settings via the Setup > System Administration > Web Interface page.


Kind regards,
Felix Saure, Tech Support Team

Created on Jan 24, 2019 9:50:53 AM by  Felix Saure [Paessler Support]



Votes:

0

Your Vote:

Up

Down

We are on version 19.2.50.2842. If I go to Setup -> System Admin -> User Interface -> Web Interface, the setting there for "High Security" still allows TLS 1.1, i.e.:

High security (TLS 1.1, TLS 1.2)

This issue arose in August 2015. Can we please get a serious response to this need?

Created on Nov 13, 2019 5:45:13 PM by  doug-fsu (0) 1



Votes:

0

Your Vote:

Up

Down

Dong,

Can you please update to the latest version of PRTG?

Benjamin Day
Paessler Support

Created on Nov 14, 2019 2:11:43 AM by  Benjamin Day [Paessler Support] (1,441) 2 1



Votes:

0

Your Vote:

Up

Down

This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B. This server supports TLS 1.1. Grade capped to B.

What is the timeline to be able to turn off TLS 1.1 and the weaker DH keys? Running latest version: PRTG Network Monitor 19.4.54.1506 x64

Created on Feb 12, 2020 6:53:47 PM by  Belz (0) 1



Votes:

0

Your Vote:

Up

Down

Belz,

Setup > System Administration > User Interface > Web Server > Connection Security" setting.
This needs to be set as "Default Security" or "High Security" in order to only accept TLS 1.2 encryption.
This is in the latest stable release of PRTG, 20.1.55.1775.

Benjamin Day
Technical Support

Created on Feb 14, 2020 2:36:32 AM by  Benjamin Day [Paessler Support] (1,441) 2 1

Last change on Feb 14, 2020 2:39:52 AM by  Benjamin Day [Paessler Support] (1,441) 2 1



Votes:

0

Your Vote:

Up

Down

We are running 20.1.56.1547+, and are set to High Security, but the weak keys are still being used. Grade from SSLLABS still capped at a B due to that. TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 1024 bits FS WEAK 128 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp384r1 (eq. 7680 bits RSA) FS 128 TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 1024 bits FS WEAK 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp384r1 (eq. 7680 bits RSA) FS WEAK 256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 1024 bits FS WEAK 256 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 1024 bits FS WEAK 256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp384r1 (eq. 7680 bits RSA) FS WEAK 256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp384r1 (eq. 7680 bits RSA) FS 256

Timeline for the weak keys to be disabled/remove, or at least have a toggle as to which keys to allow?

Created on Mar 3, 2020 8:08:04 PM by  Belz (0) 1



Votes:

0

Your Vote:

Up

Down

Hello

I'm in version 20.1.55.1775. set the connection security to high security TLS1.2 but I still get TLS1.0 and 1.1 enabled. Any way to solve this?

Regards Ricardo

Created on Apr 7, 2020 5:02:37 PM by  RicardoFernandes (0)



Votes:

0

Your Vote:

Up

Down

Ricardo

Please update to the latest version of PRTG, 20.1.57, and try if this still persists, please open a support ticket.

Benjamin Day
Paessler Support

Created on Apr 8, 2020 4:56:06 PM by  Benjamin Day [Paessler Support] (1,441) 2 1



Votes:

0

Your Vote:

Up

Down

i got the same issue, what is the secret to solve this ? High security (TLS 1.2) acitvated

SSLABS ->
TLS 1.3 No
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 No
SSL 2 No

and i'm running PRTG Network Monitor 20.3.60.1623 x64

regards, Jannick

Created on Sep 30, 2020 7:38:10 AM by  jannick (0)

Last change on Sep 30, 2020 9:11:13 PM by  Benjamin Day [Paessler Support] (1,441) 2 1



Votes:

0

Your Vote:

Up

Down

Jannick,

Can you please update to the latest stable release of PRTG, and try this again?

Benjamin Day
[Paessler Support]

Created on Sep 30, 2020 9:11:53 PM by  Benjamin Day [Paessler Support] (1,441) 2 1



Votes:

0

Your Vote:

Up

Down

May I please get the email on disabling TLS 1.0 for version 14.3. we have it running just for ICMP polling on an environment and no need to upgrade at this time.

Created on Dec 17, 2020 8:34:07 PM by  Miguel Balderas (10) 1



Votes:

0

Your Vote:

Up

Down

Miguel,

At this time we only support versions with active maintenance and released within the last calendar year.

Benjamin Day
[Paessler Support]

Created on Dec 18, 2020 9:28:16 PM by  Benjamin Day [Paessler Support] (1,441) 2 1



Votes:

0

Your Vote:

Up

Down

Hi Could i have the hidden fix as this is also causing me issues with pci compliance

Created on Jul 19, 2022 9:17:33 PM by  Vincerogers (0) 1



Votes:

0

Your Vote:

Up

Down

Vince,

In the current stable release of PRTG, the default web server security setting is to use only TLS 1.2. So as long as you're running version 22.2.77, you should be good to go.

Benjamin Day
[Paessler Support]

Created on Jul 20, 2022 2:21:19 PM by  Benjamin Day [Paessler Support] (1,441) 2 1



Votes:

0

Your Vote:

Up

Down

Hi, may I have the magic fix to disable tls1.0 on older PRTG too? Thanks.

Created on May 23, 2023 8:43:05 AM by  AllanC (0)




Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.