Implemented

Web Help Desk Email Support for TLS 1.2

I have been informed by SolarWinds support that the WHD email daemon only supports TLS 1.0 which is no longer considered secure and is not accepted by PCI compliance.  I would like to see this updated to support TLS 1.2 which is the current standard.

  • bshopp​ this should probably be changed to implemented as its was resolved in 12.6??

  • Two points and a rant/plea for help:

    1) TLS 1.0 has been known insecure since 2014.  It has been depreciated by NIST and most large organizations.  The PCI council will no longer support it after June 30, 2018. Microsoft Office 365 and Exchange Online will no longer support TLS 1.0 after October 31, 2018.  Therefore, WHD (and other Solarwinds products that rely on the Tomcat SendMail daemon) to communicate with mail servers is going run afoul of the default security settings on their organization's mail systems.

    2) Correct SSL authentication against well secured Exchange servers (both 2010 and 2016) has been quite hit-or-miss in our implementation of WHD.  Our original rollout of the service was delayed and almost abandoned altogether because we could not establish a secure connection (required by the state) between our 12.5.0 version in May of 2018.  The situation only changed when 12.5.1 was release and the same settings magically worked against the same servers. 

    Now that our enterprise email has been upgraded to a hybrid on-prem/0365 environment running Exchange 2016 on the front end we are again having inconsistencies with outbound authentication.  It will work for a while and then it stops working.  It's a really frustrating situation that Solarwinds support has not been willing to engage with us on.  The default initial reply is to turn SSL off. (Snort!)

    A better supported and more transparent and configurable mail subsystem is, IMHO a high-priority fix for the next upgrade.