Greetings,
Site24x7 is ending support for earlier Transport Layer Security (TLS) versions 1.0 and 1.1 due to security reasons.
What is TLS?
TLS is a secure way of client-server data communication. The TLS protocol protects the confidentiality and integrity of the information passed between two systems. Since the earlier versions of TLS - TLS 1.0 and 1.1, pose security issues, we are completely migrating to TLS 1.2
How are you affected?
If your browsers, application programming environments, and Site24x7 agents do not support TLS 1.2, you will face problems with data collection and viewing the same.
You can safely ignore if your browsers, programming environments, and Site24x7 agents are updated to the latest TLS version (TLS 1.2).
What should you do?
You should update to the latest TLS version and Site24x7 agents that supports TLS 1.2. The following table enlists the corresponding versions that support TLS 1.2
Browser versions |
Google Chrome - Version 30 & above
|
Programming Environments |
|
APM Insight agent versions |
|
On-Premise Poller | Version 3.1.6 & above |
Server Monitoring | For the Windows Server Monitoring agent, TLS 1.2 is disabled by default for Windows Server 2008. To enable it, please apply the hotfix mentioned in this article . To enable TLS 1.2 for Windows Server 2012, 2008 R2, and 7, apply this hotfix . |
Real Browser monitoring | For web transaction recorders and Site24x7 Desk apps, the latest version compatible with TLS 1.2 is displayed on the login screen - kindly download the same. |
API's | To communicate via API's, ensure that your browsers, programming environments, and OS are compatible with TLS 1.2 |
In case of any questions or concerns, kindly drop a word to support@site24x7.com .
Hello,
You guys should implement your own library instead of depending on the library provided by operating system. We have to discontinue site24x7 since we are using Server 2003 R2 in production. Chrome and Firefox browsers support TLS 1.1 and 1.2 when running on older Windows systems as well.
Reference:
serverfault.com/questions/793280/does-windows-2003-support-tls-1-1-and-1-2/793281
If you run windows 2003 in production you are 15 year outdated with much more security issues than TLS
Can still ping them from a remote poller - or maybe install the SNMP service and monitor them that way
We are still seeing an alert -
Looks like you are using an older version of TLS in your servers. www.site24x7.com/community/terminating-support-for-earlier-tls-versions-for-security-reasons to upgrade to TLS version 1.2.
Want to know which servers use the old TLS version? Check now!
"Check now" is not clickable. I had 2 servers with a warning icon indicating there were running an older version of TLS. They have been updated, but the warning message still persists on the Server Monitors page.
I opened a ticket with support, but the response was "if there are no servers with the warning icon, the TLS update can be considered complete".
If that is the case, how do I remove the TLS warning message on the Server Monitor page?
Did you restart the site24X7 service on the affected servers?
The message remained on my servers until the service was restarted.
I restarted the server, and I restarted the agent. Verified the patch is there. Still getting the error.
Have you set the required keys in the registry after the patch is installed?
I think that requiring people to do this is ridiculous. If its going to be a requirement then you are going to have to give more time for this. Do you know how many companies out there have hundreds of windows boxes and will not have time to get this done? I am lucky and only have a few. But it is still a pain to have to do this patch. And what affect will it have on my apps that run on these servers?
That said I did find the requirement descriptions for creating this registry key:
support.microsoft.com/en-us/help/4019276/update-to-add-support-for-tls-1-1-and-tls-1-2-in-windows.
Again I find it quite ridiculous that this is something we have to do, and not provide some kind of script to do it.
Is there a report which shows which server monitors need to be updated?
I can't imagine requiring clients to upgrade if you can't tell us which systems are affected and need to be upgraded.
Hi,
We understand your concern. There is a filter option given in the Site24x7 web client to view servers that are still using an older version of TLS (1.0 and 1.1). To use the filter,
- Log in to Site24x7.
- Go to Server > Server Monitor > Servers
- In the Monitor Status page, click on the filter icon to view servers using TLS versions 1.0 and 1.1
- Upgrade the servers using the older version to TLS version 1.2
Hope this helps. Let us know for further queries, if any.
Happy Monitoring!
Greetings,
Kindly note that TLS version less than 1.2 will not be supported for the Site24x7 agents after September 30, 2020.
What happens if you are in the lower versions after September 30, 2020?
Agent communication between Site24x7 agents and your applications/servers will not take place and hence there will not be any data collection. In short, you won’t have any monitoring data.
What should you do to mitigate the issue?
Kindly upgrade to the below mentioned Site24x7 agent versions:
If you are using Site24x7
- APM Insight - Kindly upgrade to Java agent version 3.8 & above; .NET agent version 4.0 & above; Ruby agent version 1.7 & above
- Server Monitoring - Kindly refer this Solution article
- On-Premise Poller - Kindly upgrade to version 3.6 & above
- API's - To communicate via API's, ensure that your browsers, programming environments, and OS are compatible with TLS 1.2
Please note that if you are using the latest agent versions or any agents up and above the mentioned ones, you have nothing to worry about.
In case of any questions or concerns, kindly drop a mail to support@site24x7.com