• EN
Solved

Force Veeam to use TLS over SSL

  • 22 December 2022
  • 9 comments
  • 2186 views
L
Userlevel 1
  • Lawrie
  • Not a newbie anymore
  • 4 comments

I am currently using Veeam B& R version 11. I am trying to get Veeam to use TLS 1.2 instead of SSL 2.0 and 3.0. My Vulnerability scanner shows that Veeam is still using SSL for its connections. How do i force Veeam to use TLS 1.2 instead of SSL?

icon

Best answer by Stabz 22 December 2022, 09:38

View original

9 comments

AndreAtkinson
Userlevel 3
Badge +7

HI @Lawrie,

Are you seeing any errors? can you please provide a bit more on what you are attempting to do?

I believe this is all controlled by the OS, but I may be leading you down the wrong path without more info.

https://www.veeam.com/kb2853

3-2-1-0 is a way of life
L
Userlevel 1

Hi @AndreAtkinson 

Thanks for the reply. I have not tried to use TLS 1.2 yet. So cannot post errors. If there is some sort of documentation or link that can show me how this done; to get Veeam to use TLS 1.2. My vulnerability scanners say ports 33034 and 9419 are using SSL. Both ports are from Veeam services. See below information from scanner 172.21.50.16 (tcp/33034/www) and 172.21.50.16 (tcp/9419/www)

I will look through the link you provided.

AndreAtkinson
Userlevel 3
Badge +7

Does the scan tell you what process is using the ports?

3-2-1-0 is a way of life
L
Userlevel 1

See below processes and ports

 [VeeamDeploymentSvc.exe]
  TCP    [::]:33034             [::]:0                 LISTENING       4

VeeamFilesysVssSvc.exe]
  TCP    [::]:9419              [::]:0                 LISTENING      4

 

JMeixner
Userlevel 7
Badge +17

We have disabled SSL2.0, SSl3.0, TLS1.0 and TLS1.1 on our backup servers. Everything is working fine.

Please be aware that we have VBR Server and the database on one system, I cannot say anything about the connections between VBR and the database.

Jochen (Joe) Meixner | Veeam Vanguard 2024 | Veeam Legend 2021 - 2023 | Veeam Certified Architect (VMCA) 2022 | Twitter: @JoMeix | BlueSky: @jmeixner.bsky.social
L
Userlevel 1

HI @JMeixner 

Are you able to tell me how you disabled SSL and TLS 1.0 and TLS1.2.? Maybe there is a link you can show me?

JMeixner
Userlevel 7
Badge +17

Hi @Lawrie,
these protocols have to be disabled in Windows.

Our Windows admins had a tool for this - I will send a DM to you.
With this you can disable protocols, cipher suites, hashes and key exchanges.

Jochen (Joe) Meixner | Veeam Vanguard 2024 | Veeam Legend 2021 - 2023 | Veeam Certified Architect (VMCA) 2022 | Twitter: @JoMeix | BlueSky: @jmeixner.bsky.social
Stabz
Userlevel 7
Badge +7

HI @JMeixner 

Are you able to tell me how you disabled SSL and TLS 1.0 and TLS1.2.? Maybe there is a link you can show me?

Hey
You can use IISCrypto tool, it’s really easy to use https://www.nartac.com/Products/IISCrypto/

You can also disable old protocols by GPO.

Philippe DUPUIS |Veeam Certified Engineer | https://original-network.com/
L
Userlevel 1

Thank you All. I will use the IISCrypto tool and let you know how i go.

I will post back later.

Comment


Terms & Conditions