Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials

Remove TLS 1.0

TLS 1.0 is now considered to be as bad as using SSL v2 or SSL v3. Everytime I try to turn TLS 1.0 off after an upgrade of a Solarwinds product, Solarwinds has missing items on their web pages. Since our Solarwinds instance is accessible on the internet, TLS 1.0 needs to be dropped for security reasons.

Find more posts tagged with

Status: None

Comments

aLTeReGo

SAM 6.4 (Currently in beta) natively supports the disabling of TLS 1.0 and 1.1, allowing only the use of TLS 1.2.

Hock

Is this extended to NPM? Due to PCI requirements, we need to disable TLS 1.0 and 1.1

byrona

aLTeReGo I just upgraded to SAM 6.4 last night and this morning when SW Support called me regarding an issue with my report logos going away I was told that both TLS 1.0 and 1.1 are required to be on otherwise the report logos will go away.

Hock

After upgrading to 12.1 and disabling TLS1.0, NPM web interface is still not displaying properly. Am I missing something?

My datacenter team enforced the TLS1.2 only using IIS Cryto tool.

aLTeReGo

I would recommend opening a case with support so we can determine where the issue is. We have countless waves of customers which have disabled TLS 1.0/1.1 with NPM 12.1 without issue, so there's something odd going on here for sure.

tmeadows

I had the same issue, with being told by one tech support person yes you can disable, and another saying no you can't, but when I did disable TLS1.0, I had the same web page issues that you use displayed

Hock

Up for awareness and TLS1.2 only still does not work for NPM 12.1

iptydafool

I'm having a similar issue with between additional polling engines and the main server losing communication with 1.1 or 1.2 disabled. The services aren't stopping but the components throw an error indicating they are unlicensed. The DB updates and there is network traffic but the main engine doesn't appear to be getting the OK that all is well with the additional engine. I was informed the issue may be with WPM being the only component requiring older TLS and that all the others should be good without it until an upgrade is performed.

Currently pending updates from the case I've opened.

"As far as TLS 1.2 and disabling TLS 1.0 and 1.1, your current versions of NPM, SAM, IPAM, and UDT all support having only TLS 1.2 enabled. However, the version of WPM you have currently does not support this and requires TLS 1.0 and 1.1 to be enabled. For Additional Polling Engines, TLS 1.1 is required for the installation portion but can be turned off afterward. Overall, your environment currently requires TLS 1.0 and 1.1 to be enabled, at this point, solely for the WPM application you are currently running, but it has not been stated yet if/when that will be changed to support having TLS 1.2 solely enabled."

Hock

Finally, NPM 12.2 is unable to work without TLS1.0 and 1.1

tmeadows

Yes, Finally, the latest NPM and SAM can now work with TLS 1.0 turned off. We did however have some minor issues with monitoring ESXi servers that are running 5.X versions. They need to run 6.X to work properly