FLR's failing within Veeam when disabling TLS1.0

Availability for the Always-On Enterprise

FLR's failing within Veeam when disabling TLS1.0

Veeam Logoby mtg » Thu Sep 15, 2016 12:39 am

We have a requirement to disable SSLv3 and TLS1.0. Prior to moving to Veeam and with our previous backup software, this was not an issue leaving only TLS 1.1 and 1.2 enabled. It appears that when doing File Level Restores on the Veeam backup server (essentially all communication within Veeam), Veeam uses TLS1.0 for this process. Disabling TLS1.0 breaks the process. We reached out to support however they were not helpful and suggested we post in the forum. I don't see this a "feature request" but more of a vulnerability as anyone who goes through audits such as PCI-DSS and SSAE16 will know that SSLv3 and TLS1.0 need to be turned off. As this is within the Veeam application and nothing to do with VCenter/VMWare, any suggestions on how we can get this addressed with a patch/update? If the application is already supporting TLS1.0, not sure how complicated it is to update the communication to leverage TLS1.0 for FLR.

Please advise.
mtg
Novice
 
Posts: 4
Liked: never
Joined: Thu Sep 15, 2016 12:34 am

Re: FLR's failing within Veeam when disabling TLS1.0

Veeam Logoby Gostev » Thu Sep 15, 2016 2:13 am

Hi, I believe we have already switched to TLS everywhere in the product in 9.5, but I will double check for you on FLR. Just in case, what was the support case number for this?
Gostev
Veeam Software
 
Posts: 21622
Liked: 2411 times
Joined: Sun Jan 01, 2006 1:01 am
Location: Baar, Switzerland

Re: FLR's failing within Veeam when disabling TLS1.0

Veeam Logoby mtg » Thu Sep 15, 2016 2:18 am

Ticket #01902814
mtg
Novice
 
Posts: 4
Liked: never
Joined: Thu Sep 15, 2016 12:34 am

Re: FLR's failing within Veeam when disabling TLS1.0

Veeam Logoby mtg » Wed Sep 21, 2016 12:51 pm

Any update and enforcing TLS1.1 or higher for FLR?
mtg
Novice
 
Posts: 4
Liked: never
Joined: Thu Sep 15, 2016 12:34 am

Re: FLR's failing within Veeam when disabling TLS1.0

Veeam Logoby Vitaliy S. » Wed Sep 21, 2016 2:54 pm

Yes, this FR is logged and we are trying to squeeze it into our next major update.
Vitaliy S.
Veeam Software
 
Posts: 19974
Liked: 1145 times
Joined: Mon Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov

Re: FLR's failing within Veeam when disabling TLS1.0

Veeam Logoby mtg » Wed Sep 21, 2016 7:06 pm

Any idea when that will be? Will that be a hotfix or update 3?
mtg
Novice
 
Posts: 4
Liked: never
Joined: Thu Sep 15, 2016 12:34 am

Re: FLR's failing within Veeam when disabling TLS1.0

Veeam Logoby Vitaliy S. » Thu Sep 22, 2016 6:52 am

It will be either v9.5 or subsequent updates after the release.
Vitaliy S.
Veeam Software
 
Posts: 19974
Liked: 1145 times
Joined: Mon Mar 30, 2009 9:13 am
Full Name: Vitaliy Safarov

Re: FLR's failing within Veeam when disabling TLS1.0

Veeam Logoby Daffodil » Tue Nov 29, 2016 9:19 am

Seems it is still not working with v9.5, or have i missed anything?
Daffodil
Novice
 
Posts: 8
Liked: never
Joined: Thu Apr 03, 2014 12:03 pm

Re: FLR's failing within Veeam when disabling TLS1.0

Veeam Logoby Gostev » Wed Nov 30, 2016 12:00 am

I believe there is a workaround with 9.5, and that is to install .NET Framework 4.6. This is something I have caught from one of the recent email threads between devs and support looking for a workaround, so support should be able to provide you more details. Thanks!
Gostev
Veeam Software
 
Posts: 21622
Liked: 2411 times
Joined: Sun Jan 01, 2006 1:01 am
Location: Baar, Switzerland


Return to Veeam Backup & Replication



Who is online

Users browsing this forum: Bing [Bot], Google [Bot] and 1 guest