I am currently using Veeam B& R version 11. I am trying to get Veeam to use TLS 1.2 instead of SSL 2.0 and 3.0. My Vulnerability scanner shows that Veeam is still using SSL for its connections. How do i force Veeam to use TLS 1.2 instead of SSL?
Solved
Force Veeam to use TLS over SSL
Best answer by Stabz
HI
Are you able to tell me how you disabled SSL and TLS 1.0 and TLS1.2.? Maybe there is a link you can show me?
Hey
You can use IISCrypto tool, it’s really easy to use https://www.nartac.com/Products/IISCrypto/
You can also disable old protocols by GPO.
+7HI
Are you seeing any errors? can you please provide a bit more on what you are attempting to do?
I believe this is all controlled by the OS, but I may be leading you down the wrong path without more info.
3-2-1-0 is a way of life
Hi
Thanks for the reply. I have not tried to use TLS 1.2 yet. So cannot post errors. If there is some sort of documentation or link that can show me how this done; to get Veeam to use TLS 1.2. My vulnerability scanners say ports 33034 and 9419 are using SSL. Both ports are from Veeam services. See below information from scanner 172.21.50.16 (tcp/33034/www) and 172.21.50.16 (tcp/9419/www)
I will look through the link you provided.
+7Does the scan tell you what process is using the ports?
3-2-1-0 is a way of life
See below processes and ports
[VeeamDeploymentSvc.exe]
TCP [::]:33034 [::]:0 LISTENING 4
VeeamFilesysVssSvc.exe]
TCP [::]:9419 [::]:0 LISTENING 4
+16We have disabled SSL2.0, SSl3.0, TLS1.0 and TLS1.1 on our backup servers. Everything is working fine.
Please be aware that we have VBR Server and the database on one system, I cannot say anything about the connections between VBR and the database.
Jochen (Joe) Meixner | Veeam Vanguard 2024 | Veeam Legend 2021 - 2024 | Veeam Certified Architect (VMCA) | Veeam Certified Engineer (VMCE) | LinkedIn: https://www.linkedin.com/in/jochen-meixner | X: @JoMeix | BlueSky: @jmeixner.bsky.social
HI
Are you able to tell me how you disabled SSL and TLS 1.0 and TLS1.2.? Maybe there is a link you can show me?
+16Hi
these protocols have to be disabled in Windows.
Our Windows admins had a tool for this - I will send a DM to you.
With this you can disable protocols, cipher suites, hashes and key exchanges.
Jochen (Joe) Meixner | Veeam Vanguard 2024 | Veeam Legend 2021 - 2024 | Veeam Certified Architect (VMCA) | Veeam Certified Engineer (VMCE) | LinkedIn: https://www.linkedin.com/in/jochen-meixner | X: @JoMeix | BlueSky: @jmeixner.bsky.social
+8HI
Are you able to tell me how you disabled SSL and TLS 1.0 and TLS1.2.? Maybe there is a link you can show me?
Hey
You can use IISCrypto tool, it’s really easy to use https://www.nartac.com/Products/IISCrypto/
You can also disable old protocols by GPO.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.