Solved

Force Veeam to use TLS over SSL


  • Not a newbie anymore
  • 4 comments

I am currently using Veeam B&R version 11. I am trying to get Veeam to use TLS 1.2 instead of SSL 2.0 and 3.0. My vulnerability scanner shows that Veeam is still using SSL for its connections. How do I force Veeam to use TLS 1.2 instead of SSL?


AndreAtkinson

Hi @Lawrie,

Are you seeing any errors? Can you please provide a bit more on what you are attempting to do?

I believe this is all controlled by the OS, but I may be leading you down the wrong path without more info.

https://www.veeam.com/kb2853


  • Author
  • Not a newbie anymore
  • 4 comments
  • December 22, 2022

Hi @AndreAtkinson 

Thanks for the reply. I have not tried to use TLS 1.2 yet, so I cannot post errors. If there is some sort of documentation or link that can show me how this is done, to get Veeam to use TLS 1.2. My vulnerability scanners say ports 33034 and 9419 are using SSL. Both ports are from Veeam services. See below information from scanner: 172.21.50.16 (tcp/33034/www) and 172.21.50.16 (tcp/9419/www).

I will look through the link you provided.


AndreAtkinson

Does the scan tell you what process is using the ports?


  • Author
  • Not a newbie anymore
  • 4 comments
  • December 22, 2022

See below processes and ports

 [VeeamDeploymentSvc.exe]
  TCP    [::]:33034             [::]:0                 LISTENING       4

 [VeeamFilesysVssSvc.exe]
  TCP    [::]:9419              [::]:0                 LISTENING       4


JMeixner
  • On the path to Greatness
  • 2650 comments
  • December 22, 2022

We have disabled SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 on our backup servers. Everything is working fine.

Please be aware that we have VBR Server and the database on one system, I cannot say anything about the connections between VBR and the database.


  • Author
  • Not a newbie anymore
  • 4 comments
  • December 22, 2022

Hi @JMeixner

Are you able to tell me how you disabled SSL and TLS 1.0 and TLS 1.2? Maybe there is a link you can show me?


JMeixner
  • On the path to Greatness
  • 2650 comments
  • December 22, 2022

Hi @Lawrie,
these protocols have to be disabled in Windows.

Our Windows admins had a tool for this - I will send a DM to you.
With this you can disable protocols, cipher suites, hashes and key exchanges.


Stabz
  • On the path to Greatness
  • 356 comments
  • Answer
  • December 22, 2022
Lawrie wrote:

Hi @JMeixner

Are you able to tell me how you disabled SSL and TLS 1.0 and TLS 1.2? Maybe there is a link you can show me?

Hey
You can use the IISCrypto tool, it’s really easy to use: https://www.nartac.com/Products/IISCrypto/

You can also disable old protocols by GPO.
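
Added example, not part of the original thread: the protocols are switched off in Windows through the SCHANNEL registry values, and this PowerShell sketch audits and sets them directly. The target state in `$desired`, the choice to cover both the Server and Client roles, and the function names are assumptions of this example; the Veeam-to-database connection that JMeixner could not vouch for should be tested before applying it.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). $base is the standard SCHANNEL protocol key;
# $desired is this example's assumed target state: legacy protocols off, TLS 1.2 on.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$desired = [ordered]@{
    'SSL 2.0' = $false; 'SSL 3.0' = $false
    'TLS 1.0' = $false; 'TLS 1.1' = $false
    'TLS 1.2' = $true
}
$roles = 'Server', 'Client'

# Report the current state. A missing key or value means the OS default applies.
function Get-SchannelProtocolState {
    foreach ($proto in $desired.Keys) {
        foreach ($role in $roles) {
            $p = Get-ItemProperty -Path (Join-Path $base "$proto\$role") -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Protocol          = $proto
                Role              = $role
                Enabled           = if ($null -ne $p.Enabled) { $p.Enabled } else { 'OS default' }
                DisabledByDefault = if ($null -ne $p.DisabledByDefault) { $p.DisabledByDefault } else { 'OS default' }
            }
        }
    }
}

# Write the desired state. Supports -WhatIf so the change can be previewed first.
function Set-SchannelProtocolState {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    foreach ($proto in $desired.Keys) {
        $on = [int]$desired[$proto]
        foreach ($role in $roles) {
            $key = Join-Path $base "$proto\$role"
            if (-not $PSCmdlet.ShouldProcess($key, "Enabled=$on, DisabledByDefault=$(1 - $on)")) { continue }
            # Create the key only if absent, so existing values are not wiped.
            if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
            New-ItemProperty -Path $key -Name Enabled -Value $on -PropertyType DWord -Force | Out-Null
            New-ItemProperty -Path $key -Name DisabledByDefault -Value (1 - $on) -PropertyType DWord -Force | Out-Null
        }
    }
}

Get-SchannelProtocolState | Format-Table -AutoSize   # audit before changing anything
Set-SchannelProtocolState -WhatIf                    # drop -WhatIf to apply
```

A reboot is needed before SCHANNEL picks up the new values. Afterwards, re-run the scan against tcp/33034 and tcp/9419 to confirm the finding has cleared.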


  • Author
  • Not a newbie anymore
  • 4 comments
  • December 22, 2022

Thank you all. I will use the IISCrypto tool and let you know how I go.

I will post back later.