We keep failing PCI DSS external network scans because they detect that SSLv3 and TLSv1.0 are supported by the PRTG Web server, as well as the PRTG Demo Certificate still using the SHA-1 signature algorithm. Is it possible to disable support for these protocols/algorithm?
Is there a way to disable SSLv3 and TLSv1.0 support for the PRTG Web server? And can I disable the S
Votes:
0
Best Answer
Votes:
0
Option for disabling TLS1.0 is now available starting with version 18.3.44.2054.
Created on Sep 12, 2018 8:43:01 AM by
Erhard Mikulik [Paessler Support]
Last change on Sep 24, 2018 2:13:01 PM by
Erhard Mikulik [Paessler Support]
197 Replies
Votes:
0
Hi Matt,
PRTG supports SSL connections via TLS 1.2 since version 14.x.12 or later. If you are using an older version, update to the latest release to enable the new security features.
For more detailed information, please have a look at the PRTG Network Monitor Security Features
Best regards, Felix
Votes:
0
Felix,
I'm on the current version (15.3.18.3616). I know it supports the newer versions, my problem is that it also still supports the old versions. I need PRTG to not support the old versions.
In searching for an answer, I found a webpage that listed a fix from you that I couldn't find in the Paessler KB. It references "OverrideSSLVersion" and "OverrideSSLCipher" registry entries. Would these be a possible solution for removing SSLv3 and TLSv1.0 support from my PRTG installation?
Votes:
1
Hi,
This won't be necessary as the webserver rejects SSLv3 connections. Please check the "Setup > System Administration > User Interface > Web Server > SSL Security" setting. This needs to be set as "High Security" in order to only accept TLS 1.2 encryption.
Best regards
Votes:
0
I made the suggested setting change and it would appear that TLS1.0 is still supported. Running a scan on https://www.ssllabs.com/ssltest, as well as the scan run by our payment processor both show that TLS 1.2, 1.1, and 1.0 are all supported. However, SSL 2 and 3 have been successfully disabled.
Votes:
0
Hi Matt,
I just discussed this case with our development and you are correct, TLS 1.0 and TLS 1.1 connections are accepted by the PRTG webserver within the current version of PRTG.
Best regards, Felix
Votes:
0
So is there a way I can disable TLS 1.0?
Votes:
0
We are currently working on a solution to block TLS 1.0. Meanwhile, this needs to either be configured on a firewall or the client machines. You might want to follow This Article to disable TLS 1.0 in the web browser. Please bear with us.
Best regards, Felix
Votes:
0
Has there been any update to this issue? We are running into the same issue, preventing us from passing our PCI-DSS Penetration Test?
Votes:
0
Hi,
TLS 1.0 connections still need to be disabled on the client machine or within a firewall in between, sorry.
Best regards,
Votes:
0
Dear Kube,
I'm afraid that we don't have an update yet.
Best regards, Felix
Votes:
0
Hi team. Has there been any movement on this? This issue is now nearly 1 year old and failing PCI scans is becoming harder to justify for such a simple issue.
Votes:
0
Hi Andre,
It's currently being worked on to be released later this year in case all goes well.
Kind regards.
Votes:
0
Hi, do you have any updated ETA on this? Since the SSL Security Check sensor in PRTG itself now is flagging TLSv1 as Weak, I have no way of correcting this warning without removing the remote monitoring of our PRTG installation.
Votes:
0
Hi runnane,
Yes, we just released 16.4.27.6720 where you can change how the sensor rates TLS 1.0.
Do an update check in PRTG and install the new version, then you can apply the new settings.
Kind regards,
Erhard
Votes:
0
Dear PRTG,
Are you serious? You determine TLS 1.0 as weak but don't support deactivating it in your own software??? And your solution is to manipulate the rating?
Wow...
Votes:
0
Dear Dennis,
Of course we are aware of the irony. Just to be clear: This workaround has not been implemented due to the circumstance that PRTG does not support deactivating TLS 1.0 for its own webserver at the moment.
The thing is, there are many users out there and while some need the sensor to sound the alarm when TLS1.0 is supported, others do not want this or at least not for every device for several reasons. Now instead of instructing how to tinker manually with the used lookups in the sensor, we decided to provide alternate lookups ourselves to switch the behavior. Otherwise -once you use selfmade lookups- future changes to the sensor may not work because of the custom lookups.
As for "our homework" regarding TLS1.0: We are working on deactivating TLS 1.0 for PRTG, but it's a little more complicated than just flicking a switch since there are several dependencies around that which have further implications that might even break certain sensors if we would just shut off TLS1.0.
Kind regards,
Erhard
Created on Oct 13, 2016 3:31:32 PM by
Erhard Mikulik [Paessler Support]
Last change on Oct 13, 2016 3:35:57 PM by
Erhard Mikulik [Paessler Support]
Votes:
0
Hi,
Is there an update to this? Or a time-frame at the least? We also require this.
Votes:
0
Hi Matt,
You've got mail.
Kind regards,
Erhard
Created on Feb 1, 2017 1:40:09 PM by
Erhard Mikulik [Paessler Support]
Last change on Feb 1, 2017 1:40:22 PM by
Erhard Mikulik [Paessler Support]
Votes:
0
Hi Erhard,
We are also interested in an update or a solution.
Thank You.
Best regards, Sebastian
Votes:
0
@Sebastian: You've got mail.
Kind regards,
Erhard
Votes:
0
Hi guys. Any update on this? PRTG is causing my PCI scan to fail and I really need to disable TLS1.0 and SSL3.
Votes:
0
Hi Andre,
You too have got mail.
Kind regards,
Erhard
Votes:
0
Could I get mail as well regarding this issue? Thanks
Votes:
0
Hi Matt,
Sure, you've got mail.
Kind regards,
Erhard
Votes:
0
Hi Erhard,
I'm also interested in a solution to disable TLS 1.0
Regards.
Votes:
0
Hi Bruno,
Sure, you've got mail.
Kind regards,
Erhard
Votes:
0
Hi Erhard, I also need a solution to disable TLS 1.0. Best,
Votes:
0
Hi Erhards. May I also get a solution to disable TLS1.0 on my system? Thank you, best regards.
Votes:
0
Hi jvazac,
Sure, you've got mail.
Kind regards,
Erhard
Votes:
0
Hi Erhard, I would also like this solution. Thanks.
Votes:
0
Hi ebeville,
Sure, you've got mail.
Kind regards,
Erhard
Votes:
0
Hi,
Would it be possible to receive the solution as well please?
Many Thanks,
Aston
Votes:
0
Please keep working on a solution. Cert scans are failing on PRTG. I can't pass PCI DSS this year if I also run PRTG. Also put me on the mailing list. Thanks
Votes:
0
Hello Aston, hello lwdbos,
Both of you got mail to your email addresses used for registering in our knowledgebase.
Kind regards,
Erhard
Votes:
0
We also need to disable TLS1 and 1.1 as we are being dinged on 3rd party security scans required for our audit.
Votes:
0
Hello Cory,
You've got mail.
Kind regards,
Erhard
Votes:
0
Can I please have the solution to this as also failing PCI
Votes:
0
Hello Dan,
And you too have got mail.
Kind regards,
Erhard
Votes:
0
I need to remove TLS 1.0 as well. Would you please email me the information ? Thanks
Votes:
0
@wdkunkin & kube1984: You've got mail.
Kind regards,
Erhard
Votes:
0
Hi, can you please help me as well?? I need to pass our audit!
Votes:
0
Dear Tan, because we are already in email contact with you, I suggest to keep on that communication source.
Best,
Sebastian
Votes:
0
Hi. I'd be interested in how we can disable TLS 1.0.
Votes:
0
Hi mchapman,
You've got mail.
Kind regards,
Erhard
Votes:
0
We are also facing PCI DSS and need to disable. Can I please get the e-mail? /Andreas
Votes:
0
Hello Andreas,
Sure, mail just went out.
Kind regards,
Erhard
Votes:
0
My InfoSec team just said this server is causing us to fail our PCI external scans. Any update on this capability being built in yet or can I get the email that seems to have a solution?
Votes:
0
Check your mailbox TCS-Obrien, you got mail.
Votes:
0
So, why don't we just post the solution instead of sending individual emails? I'm failing security scans too since I can't disable TLS 1.0 on PRTG.
Votes:
0
Please can you also send the solution to disable TLS1.0
thanks
Votes:
0
We would also like the solution. Could you please email it to me as well? Thank you.
Votes:
0
Another request for the secret email, please!
Votes:
0
Everybody should have received the instructions, otherwise please let us know in case we overlooked someone.
Kind regards,
Erhard
Votes:
0
Hello Erhard,
Could I have this mystery email also? :-)
Thanks in advance!
Regards Mikkel
Votes:
0
Hi Mikkel,
Erhard is not here today, but I just sent the information. :)
Best regards, Felix
Votes:
0
Hi mspitz,
You've got mail.
Kind regards,
Erhard
Votes:
0
Please, forward the email to me also.
Thanks,
Hans
Votes:
0
Craig & Hans, you've got mail.
Kind regards,
Erhard
Votes:
0
Hi Erhard,
I need your email also ;-)
Thanks, Rainer
Votes:
0
Please can you send me the fix - I need TLS1.0 to be gone from my systems.
thanks.
Votes:
0
Hello Phil,
You've got mail.
Kind regards,
Erhard
Votes:
0
I would also like the fix.
Thank you.
Votes:
0
Hello Brian,
You've got mail.
Kind regards,
Erhard
Votes:
0
Could you send me the fix too?
Kind regards, Jeroen
Votes:
0
Hello Jeroen,
You've got mail.
Kind regards,
Erhard
Votes:
0
Hi Erhard, I need your email also to disable TLS 1.0 ;-) Thanks, Nathan
Votes:
0
Hi Nathan,
Sure, you've got mail.
Kind regards,
Erhard
Votes:
0
Hi Erhard, I'd like this too.
thanks, Bruce.
Votes:
0
Hi Bruce,
Mail's out.
Kind regards,
Erhard
Votes:
0
We need the solution to disable TLS 1.0 on PRTG. Thanks
Votes:
0
Hello cheejack_ng,
You've got mail.
Kind regards,
Erhard
Votes:
0
Hi Erhard,
can you share that with me as well?
Votes:
0
Hi unraveller,
Yes, I can and I just did (mail's out) :)
Kind regards,
Erhard
Votes:
0
I would like instructions on how to disable tls 1.0.
Votes:
0
Hello dquick,
You've got mail.
Kind regards,
Erhard
Votes:
0
Hi, Please could you send the instruction to myself as well?
Thanks Mark
Votes:
0
Can I also get the instructions how to disable TLS 1.0 please? many thanks
Votes:
0
One more for these secret cannot be posted instructions.
Votes:
0
Hi Erhard, Could you pass details on for this to me? need to pass our audit.
Votes:
0
You'd save yourselves a bit of work, and customers a bit of time having to register for a forum account, if you'd simply release a knowledgebase article. In the meantime, can you email me the instructions, please?
Votes:
0
I sent the instructions to both of you.
Best regards, Felix
Votes:
0
Can I have the secret magic email too please.
Votes:
0
The "Magic Mail" got sent. :)
Votes:
0
May I too have this magic to disable TLS 1.0? :)
Votes:
0
Hello Martin,
You've got mail.
Kind regards,
Erhard
Votes:
0
Can someone send me the steps to disabling TLS 1.0?
Votes:
0
Hello Ernesto,
You've got mail.
Kind regards,
Erhard
Votes:
0
Can I please also get this magic email to disable TLS 1.0?
Thanks!
Votes:
0
Hello radumelnic,
Please check your emails.
Best,
Sebastian
Votes:
0
please send me the fix, also failing PCI scans as need to disable
• The following SSL/TLS cipher suites use Diffie-Hellman a prime modulus smaller than 2048 bits:
• TLS 1.0 ciphers:
• TLS_DHE_RSA_WITH_AES_256_CBC_SHA with a Diffie-Hellman prime modulus of 1024 bits
• TLS 1.1 ciphers:
• TLS_DHE_RSA_WITH_AES_256_CBC_SHA with a Diffie-Hellman prime modulus of 1024 bits
Votes:
0
We also need to disable tls 1.1 for PCI scanning
Votes:
0
Hi Mike,
You've got mail.
Kind regards,
Erhard
Votes:
0
Why hasn't the solution to disable TLS 1.0 been posted publicly? It seems a little ridiculous that you're emailing each individual customer with the solution. Can I please get this secret information update sent to me?
Votes:
0
@rcary: You've got mail.
@unluck: Point taken. Since the workaround has a few culprits like Enterprise Console not working anymore, we decided to not publish it and only give it out to people explicitly asking for it, you could have also sent us an email about it.
Thing is, depending on how it will be finally implemented later in PRTG, we might need to contact the users who have applied the "reghack" to adjust something (if necessary, you never know....).
By handling it like this, we can at least keep track of the people who were handed out the details so far.
Kind regards,
Erhard
Votes:
0
We also need to disable TLSv1.0 - can I get the Mail? Steffen
Votes:
0
Hi Steffen,
You've got mail.
Kind regards,
Erhard
Votes:
0
Hi,
Please can you send me the relevant info too?
Thanks,
Nik
Votes:
0
Hi Nik,
Sure, mail's out.
Kind regards,
Erhard
Votes:
0
I would like this super secret email please.
Votes:
0
Hello pjs5406,
You've got mail.
Kind regards,
Erhard
Votes:
0
Hello Kenneth,
You've got mail.
Kind regards,
Erhard
Votes:
0
Please also send the instructions to me.
Kind Regards, Thomas.
Votes:
0
Hi Thomas,
You've got mail.
Kind regards,
Erhard
Votes:
0
Can you send me this email?
Best regards, Ernest
Votes:
0
Hi Ernest,
Sure, you've got mail.
Kind regards,
Erhard
Votes:
0
Could I also have the secret squirrel email please... :)
Votes:
0
Hi Michael,
Yes, you can ^^
Kind regards,
Erhard
Votes:
0
I don't understand why the solution can't be posted but can you send me the method to disable TLS1.0. TLS1.0 fails PCI so this should be published for all...
Votes:
0
Dear 87racer,
Mail's out and here's why we don't post the details publicly (yet).
Kind regards,
Erhard
Votes:
0
Hello,
I would also like to have this email.
Thanks!
Votes:
0
Hi Phil,
You've got mail.
Kind regards,
Erhard
Created on Sep 18, 2017 8:07:03 PM by
Erhard Mikulik [Paessler Support]
Last change on Sep 18, 2017 8:07:22 PM by
Erhard Mikulik [Paessler Support]
Votes:
0
Manny, you got mail as well.
Best regards, Felix
Votes:
0
Can I please also have the TLS 1.0 disable fix ? Thanks
Votes:
0
Hi unibe_sec_team,
You've got mail.
Kind regards,
Erhard
Votes:
0
Can I please also have the TLS 1.0 disable fix? Thanks. It's a pain for our PCI compliance
Votes:
0
Hello Wayne,
You've got mail.
Kind regards,
Erhard
Votes:
0
Can I please also have the TLS 1.0 disable fix ? Our PCI scans keep failing. Thanks
Votes:
0
Hi Coop888,
You've got mail.
Kind regards,
Erhard
Votes:
0
Can I get the mail also to disable TLSv1.0?
Kind regards,
Patrick
Votes:
0
Hi Patrick,
Sure, mail's out.
Kind regards,
Erhard
Votes:
0
I need the instruction too. Regards, Michal
Votes:
0
Hello Michal,
You've got mail.
Kind regards,
Erhard
Votes:
0
I am running 17.3.32.2478 and need the instructions as well
Votes:
0
Hello Harleytek,
You've got mail.
Kind regards,
Erhard
Votes:
0
Hi Erhard,
I'm running PRTG Network Monitor 17.3.33.2830+ do you have also an email for me, to disable TLS 1.0?
Kind Regards Michael
Votes:
0
Hi Michael,
Sure, mail's out.
Kind regards,
Erhard
Votes:
0
Hello, I am amazed at the fact this thread is now 3 years old and is mostly mailing out the solution. But alas, I too need this email please
Votes:
0
You got mail Samuel.
Best regards, Felix
Votes:
0
Please send me the temporary fix also. Thank you, Tom
Votes:
0
Hi guys, please send me the solution to disabling TLS1.0 thanks, Ross
Votes:
0
Hello, would you be so kind to forward over the solution to the TLS1.0 fix? Thank you!
Votes:
0
Please send me the fix for the solution to TLS 1.0 issue. Thanks! -Sam
Votes:
0
Hi Sam,
You've got mail.
Kind regards,
Erhard
Votes:
0
Hi,
Please can you also send the solution to disable TLS1.0
Many thanks
Best Regards, Carlo
Votes:
0
Please send me the fix too! Thanks
Votes:
0
May I have the mail also please?
Thanks,
Votes:
0
Hi, please can you also send the solution to disable TLS1.0? Many thanks. Best Regards, Dave
Votes:
0
Hi, please can you also send the solution to disable TLS1.0
Thanks
Votes:
0
Please send me the solution to disable TLS1.0
Votes:
0
Hi,
Please can you also send the solution to disable TLS1.0? Need it for Windows (IIS), Ubuntu and Debian (apache2)
Thanks
Votes:
0
Hi kranzfr3d,
I can send you instructions for how to disable TLS 1.0 for PRTG's webserver, not for other webservers. PRTG has a webserver of its own, it's neither IIS nor Apache based.
Kind regards,
Erhard
Votes:
0
Can you please send instructions on how to disable TLS1.0 on the PRTG webserver. Thanks
Mahesh
Votes:
0
Can I also get these instructions emailed. Thanks in advance.
Votes:
0
May I please have the secret recipe to disable TLS 1.0 and SSLv3? Thanks!
Votes:
0
Could we get the instructions also, please?
Thanks.
Votes:
0
May I please have the secret recipe to disable TLS 1.0 and SSLv3? Thanks!
Votes:
0
Can you please send me the instructions? Thanks!
Votes:
0
Dear PRTG team, can I also get the instructions to disable TLS1.0? Thanks for this great tool!!!
Votes:
0
Dear PRTG Team,
Can I also get instructions to disable TLS1.0?
Thanks
Votes:
0
Please also send me the mystery email that disables TLS 1.0. We are also failing PCI scans. Thanks!
Votes:
0
Hi PRTG Team,
Please can I be sent the mystery secret email as well.
Thanks, Rick
Votes:
0
Is there any progress on being able to disable TLS 1.0 without it removing functionality?
Votes:
0
Hi Martin,
The options to disable TLS1.0 will officially find their way into version 18.x.43 if all goes well (ETA August 2018), so there is no more tinkering with the registry required. What will not change is that Enterprise Console will no longer work with TLS1.0 disabled, as Enterprise Console is no longer under active development and will be replaced by Desktop Client that is already available for beta testing.
Kind regards,
Erhard
Votes:
0
As with many others, I too need to remove TLS1.0 from my PRTG probes and servers. May I please have the email detailing how to do this sent to me? Thank you.
Votes:
0
Hi there,
Sure, you'll receive the mail soon.
Best regards, Felix
Votes:
0
Can I also have the super-secret email, please?
Votes:
0
18.3.43.x is now out - does this contain the fix or are we waiting for a different release?
Votes:
0
Please May I also have this Work Around .
Votes:
0
PRTG version 18.x.43 does not yet contain the new webserver settings, it will be part in one of the upcoming releases though. Thanks for bearing with us!
Best regards, Felix
Votes:
0
Hello
Could you please send me the email also please?
Thank you
Neville
Votes:
0
Can I please request the PRTG registry fix for tls 1.0?
Votes:
0
Could I get the instructions also, please?
Best regards Michael
Votes:
0
Option for disabling TLS1.0 is now available starting with version 18.3.44.2054.
Created on Sep 12, 2018 8:43:01 AM by
Erhard Mikulik [Paessler Support]
Last change on Sep 24, 2018 2:13:01 PM by
Erhard Mikulik [Paessler Support]
Votes:
0
Could I please get the email for the "fix"?
Votes:
0
Hi support, can I have email with fix?
Thx
Votes:
0
It's already integrated in the latest version of PRTG, update your instance and change the settings via the Setup > System Administration > Web Interface page.
Kind regards,
Felix Saure, Tech Support Team
Votes:
0
We are on version 19.2.50.2842. If I go to Setup -> System Admin -> User Interface -> Web Interface, the setting there for "High Security" still allows TLS 1.1, i.e.:
High security (TLS 1.1, TLS 1.2)
This issue arose in August 2015. Can we please get a serious response to this need?
Votes:
0
Dong,
Can you please update to the latest version of PRTG?
Benjamin Day
Paessler Support
Votes:
0
This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade capped to B. This server supports TLS 1.1. Grade capped to B.
What is the timeline to be able to turn off TLS 1.1 and the weaker DH keys? Running latest version: PRTG Network Monitor 19.4.54.1506 x64
Votes:
0
Belz,
"Setup > System Administration > User Interface > Web Server > Connection Security" setting.
This needs to be set as "Default Security" or "High Security" in order to only accept TLS 1.2 encryption.
This is in the latest stable release of PRTG, 20.1.55.1775.
Benjamin Day
Technical Support
Created on Feb 14, 2020 2:36:32 AM by
Benjamin Day [Paessler Support]
Last change on Feb 14, 2020 2:39:52 AM by
Benjamin Day [Paessler Support]
Votes:
0
We are running 20.1.56.1547+, and are set to High Security, but the weak keys are still being used. Grade from SSLLABS still capped at a B due to that.
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 1024 bits FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp384r1 (eq. 7680 bits RSA) FS 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 1024 bits FS WEAK 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) ECDH secp384r1 (eq. 7680 bits RSA) FS WEAK 256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x6b) DH 1024 bits FS WEAK 256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 1024 bits FS WEAK 256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) ECDH secp384r1 (eq. 7680 bits RSA) FS WEAK 256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030) ECDH secp384r1 (eq. 7680 bits RSA) FS 256
Timeline for the weak keys to be disabled/remove, or at least have a toggle as to which keys to allow?
Votes:
0
Hello
I'm in version 20.1.55.1775. set the connection security to high security TLS1.2 but I still get TLS1.0 and 1.1 enabled. Any way to solve this?
Regards Ricardo
Votes:
0
Ricardo
Please update to the latest version of PRTG, 20.1.57, and try if this still persists, please open a support ticket.
Benjamin Day
Paessler Support
Votes:
0
I got the same issue, what is the secret to solve this? High security (TLS 1.2) activated
SSLLABS ->
TLS 1.3 No
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 No
SSL 2 No
and I'm running PRTG Network Monitor 20.3.60.1623 x64
regards, Jannick
Created on Sep 30, 2020 7:38:10 AM
Last change on Sep 30, 2020 9:11:13 PM by
Benjamin Day [Paessler Support]
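Added example, not part of any post above and not Paessler code: a small Python check that reads an SSL Labs style result like the ones pasted in this thread and reports the two findings the posters keep failing on, legacy protocol versions still accepted and DHE suites with a modulus below 2048 bits. The function name, the finding labels and the "TLS 1.2 or newer only" policy set are assumptions of this example; the sample report is constructed from rows quoted in the thread.

```python
import re

# Constructed sample: protocol rows and cipher rows taken from the scan
# results quoted in this thread ("name (id) key-exchange ... bits" layout).
SAMPLE_REPORT = """\
TLS 1.3 No
TLS 1.2 Yes
TLS 1.1 Yes
TLS 1.0 Yes
SSL 3 No
SSL 2 No
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (0x9e) DH 1024 bits FS WEAK 128
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f) ECDH secp384r1 (eq. 7680 bits RSA) FS 128
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 1024 bits FS WEAK 256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (0x9f) DH 1024 bits FS WEAK 256
"""

# Assumption of this example: the policy allows TLS 1.2 and newer only.
LEGACY_PROTOCOLS = {"SSL 2", "SSL 3", "TLS 1.0", "TLS 1.1"}
# Threshold named in the scanner finding quoted earlier in the thread.
MIN_DH_BITS = 2048

PROTO_RE = re.compile(r"^(SSL|TLS) ?(\d(?:\.\d)?)\s+(Yes|No)\b", re.I)
SUITE_RE = re.compile(r"^(TLS_\w+)\s+\((0x[0-9a-fA-F]+)\)\s+(.*)$")
# Finite-field DH size only; \b keeps "ECDH ..." from matching.
DH_RE = re.compile(r"\bDH (\d+) bits")


def audit_report(text):
    """Return a list of (kind, subject, detail) findings for a pasted report."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        proto = PROTO_RE.match(line)
        if proto:
            name = f"{proto.group(1).upper()} {proto.group(2)}"
            if proto.group(3).lower() == "yes" and name in LEGACY_PROTOCOLS:
                findings.append(("legacy-protocol", name, "accepted by server"))
            continue
        suite = SUITE_RE.match(line)
        if not suite:
            continue  # not a row this check understands
        name, detail = suite.group(1), suite.group(3)
        dh = DH_RE.search(detail)
        if dh is None:
            # A DHE suite whose modulus size is not shown cannot be cleared.
            if name.startswith("TLS_DHE_"):
                findings.append(("dh-unknown", name, "modulus size not reported"))
        elif int(dh.group(1)) < MIN_DH_BITS:
            findings.append(("weak-dh", name, f"{dh.group(1)}-bit modulus"))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in audit_report(SAMPLE_REPORT):
        print(f"{kind:16} {subject:45} {detail}")
```

Re-running the external scan after changing the Connection Security setting and feeding the new result through the same check shows whether the change actually took effect on the listening web server.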
Votes:
0
Jannick,
Can you please update to the latest stable release of PRTG, and try this again?
Benjamin Day
[Paessler Support]
Votes:
0
May I please get the email on disabling TLS 1.0 for version 14.3. we have it running just for ICMP polling on an environment and no need to upgrade at this time.
Votes:
0
Miguel,
At this time we only support versions with active maintenance and released within the last calendar year.
Benjamin Day
[Paessler Support]
Votes:
0
Hi Could i have the hidden fix as this is also causing me issues with pci compliance
Votes:
0
Vince,
In the current stable release of PRTG, the default web server security setting is to use only TLS 1.2. So as long as you're running version 22.2.77, you should be good to go.
Benjamin Day
[Paessler Support]
Votes:
0
Hi, may I have the magic fix to disable tls1.0 on older PRTG too? Thanks.