How to upgrade to TLS 1.2 and why it’s crucial for Bitdefender Endpoint Security Tools functionality
Starting with the November 2021 release, Bitdefender GravityZone Cloud will no longer support Transport Layer Security (TLS) 1.0 or 1.1 due to known security vulnerabilities in those protocol versions. In keeping with industry standards and best practices, Bitdefender will migrate to TLS 1.2 for all agent communications with the console.
This document contains all the information you need to prepare for this upgrade.
Understanding TLS
Transport Layer Security, also known as TLS, is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet. One of its primary uses is encrypting the communication between web applications and servers, such as web browsers loading a website. TLS can also be used to encrypt other communications such as email, messaging, and voice over IP (VoIP).
TLS is similar to SSL (Secure Sockets Layer). The latter was developed by Netscape and ensures message integrity while guaranteeing server identity. The Internet Engineering Task Force (IETF) created TLS as the successor to SSL. It's used most often as a setting in email programs, but, like SSL, can be used in any client-server transaction.
TLS verifies the identity of the remote endpoint and encrypts the connection, ensuring that a connection reaches the intended endpoint and not an impostor.
The PCI Council released version 3.1 of its Data Security Standard (DSS), which states that SSL 3.0 and TLS 1.0 are no longer supported. For more information, refer to this official post.
Why upgrading to TLS 1.2 is necessary
Although DSS 3.1 allows TLS 1.1 if it is configured properly, Bitdefender does not want to take any risks and has chosen the safest path.
This means migrating all customers to TLS 1.2.
Connections to your Bitdefender console, whether inbound or outbound, will fail if they rely on TLS 1.0 or 1.1.
Which services will be impacted and what steps you need to follow
After the migration to TLS 1.2, the following services will be affected and require action.
1. BEST versions released before 2018 running on legacy Windows (older than Windows 8)*
Affected BEST versions: 6.6.1, or 6.4.1 and below
Affected EPS v5 versions: 5.3.37 and below*
*Bitdefender ended support for Windows 2003, Windows Vista and Windows 2008 in January 2020.
To avoid problems such as endpoints running old BEST versions appearing as offline in the console, you need to take the following steps:
Important
These mandatory updates need to be completed by the November 2021 release of GravityZone Control Center.
2. Sandbox Analyzer Cloud
All Bitdefender Endpoint Security Tools agents installed on any Windows version prior to Windows 10 will be affected.
To avoid potential problems related to legacy endpoint versions, follow the steps mentioned above for upgrading your BEST version.
An upgrade of your on-premises console is also needed to avoid issues in the communication with the cloud services. To do this, follow the instructions in this KB.
Important
These mandatory changes need to be completed before the next Sandbox Analyzer release (29 January 2022).
3. Event-push service
To avoid any issues, we recommend that you switch to TLS 1.2 and configure the new ciphers on the server that receives information from the event-push service.
Important
These mandatory configurations need to be completed by the end of March 2021.
4. Any legacy client running older TLS versions that connects to the console
To avoid potential issues, upgrade your clients to TLS 1.2 and configure the new ciphers.
Supported cipher modes
As of October 2022, Bitdefender supports the following cipher modes:
ECDHE-ECDSA-AES128-GCM-SHA256
ECDHE-ECDSA-AES256-GCM-SHA384
ECDHE-RSA-AES128-GCM-SHA256
ECDHE-RSA-AES256-GCM-SHA384
DHE-RSA-AES128-GCM-SHA256
DHE-RSA-AES256-GCM-SHA384
DHE-DSS-AES128-GCM-SHA256
DHE-DSS-AES256-GCM-SHA384
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
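As an added example (not Bitdefender's code), the following Python snippet shows how the server that receives event-push data, or any other endpoint you control, can be pinned to TLS 1.2 and to the cipher list above, and how to audit an existing SSLContext against that list. The helper names are hypothetical; note that Python's ssl module has no API to restrict TLS 1.3 suites, so the audit checks only the TLS 1.2 suites.

```python
import ssl

# Cipher list taken from the "Supported cipher modes" section of this article.
# The first eight are TLS 1.2 suites (OpenSSL names); the last two are TLS 1.3
# suites, which OpenSSL negotiates separately and Python's ssl cannot restrict.
SUPPORTED_TLS12 = [
    "ECDHE-ECDSA-AES128-GCM-SHA256", "ECDHE-ECDSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-GCM-SHA384",
    "DHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-GCM-SHA384",
    "DHE-DSS-AES128-GCM-SHA256", "DHE-DSS-AES256-GCM-SHA384",
]
SUPPORTED_TLS13 = ["TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"]


def hardened_server_context() -> ssl.SSLContext:
    """Receiver-side context (hypothetical helper): TLS 1.2 minimum and only
    the TLS 1.2 suites listed above. Call load_cert_chain() before serving."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # OpenSSL silently drops names its build lacks (e.g. DHE-DSS on some builds).
    ctx.set_ciphers(":".join(SUPPORTED_TLS12))
    return ctx


def legacy_server_context() -> ssl.SSLContext:
    """Pre-migration setting for contrast: TLS 1.0 permitted where the OpenSSL
    build still allows it, plus OpenSSL's DEFAULT cipher list."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if ssl.HAS_TLSv1:
        ctx.minimum_version = ssl.TLSVersion.TLSv1
    ctx.set_ciphers("DEFAULT")
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list:
    """Return findings; an empty list means the context allows nothing below
    TLS 1.2 and no TLS 1.2 suite outside the supported list."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(f"minimum protocol version is {ctx.minimum_version.name}")
    for cipher in ctx.get_ciphers():
        if cipher["protocol"] == "TLSv1.3":
            continue  # TLS 1.3 suites are not governed by set_ciphers()
        if cipher["name"] not in SUPPORTED_TLS12:
            findings.append(f"cipher {cipher['name']} is not in the supported list")
    return findings


if __name__ == "__main__":
    print("hardened:", audit_context(hardened_server_context()) or "OK")
    print("legacy:", audit_context(legacy_server_context()) or "OK")
```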