Welcome to our community!

Disabling TLS 1.0 and 1.1 causes the Administrator > Status page to report "error" status on multiple checks

Avatar
Justin Samsel
  • updated
  • Closed

In an effort to make our servers more secure we have decided to disabled TLS 1.0 and 1.1. We made sure to check with support before making this change so we didn't break anything. We were told to use IIS Crypto 2.0 to easily make the change.


After disabling TLS 1.0 and 1.1 our product still fully functions, except for the fact we can't see the status of multiple checks. Is it possible for that feature to work with TLS 1.2?

Image 54

Pinned replies
Avatar
0
Mike Bannerman Team Member
  • Answer
  • Closed

This isn't a security issue, the issue was that the site our status checks ping was having a problem giving an erroneous failed response.  TLS and the Control instance was working as stated by the OP.  


This is resolved in version 6.5.  Normally tickets auto update with UE, but there was an existing ticket that predated this thread.  If you're still seeing the issue ping pm@screenconnect.com.  

Replies 11
Avatar
0
Justin Samsel

Here are the settings that IIS Crypto 2.0 disabled:



Avatar
0
Ben Burner
  • Not a bug

Good morning,


Thank you for submitting this information.


I have registered an improvement with development to make the server that handles admin page status check requests handle requests from instances of ConnectWise Control where TLS 1.0/1.1 has been disabled.


Cheers,

Ben

Avatar
0
Justin Samsel

Thanks very much for your reply! I look forward to my Status page working again.

Avatar
1
Ben Burner
  • Under Review
Avatar
2
creisz

It's all about security. Good see you working to get away from TLS 1.0.

Thanks

Avatar
0
Justin Samsel
Quote from Ben Burner

Ben, any update on this? I am on the latest stable version of ConnectWise Control and still can't use my Status page to check for new versions, external accessibility, browser URL, or web server checks. This is a really inconvenient page for me right now.

Avatar
0
derekj

I agree,  I can't disable TLS 1.0 and 1.1 on our instance until these items are fixed. ETA?

Avatar
0
Justin Samsel

In the mean time, if anyone needs to check what version they have installed, you can right click a .dll files in the Bin folder and check it's file properties.


Would be really nice to not have to do that though :)

Avatar
0
Nathan Roudebush

Should be a top priority to keep paying customers information secure.

Avatar
0
Justin Samsel
Quote from Nathan Roudebush

Should be a top priority to keep paying customers information secure.

So far it hasn't been a priority, sadly. I never know when an update comes out (unless I manually go to the main ConnectWise Control downloads page) because I am required by my employer to disable these insecure protocols. I love a lot of things about ConnectWise but this has been an issue for a year now and no action has been taken :(



Top contributors
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar
Avatar