TLS 1.0 Deprecation for Qualys Cloud Platform

Joe Gregory

Last updated on: September 6, 2020

Qualys will require all connections to our Cloud Platform to use TLS 1.1 or higher beginning April 2nd 2018, in order to align with industry best practices for security and data integrity.

Please ensure that you are using TLSv1.1+, or your connectivity to the Cloud Platform will be impacted. This change will affect all connections to the Cloud Platform, including UIs, APIs, Scanner Appliances, and Cloud Agents.

Dates for each Shared Cloud Platform are listed in the table below. If you are hosted on a Private Cloud Platform (PCP), this change will be coordinated directly with our Security Operations team.

| Platform Name | User Interface | API | Scanner Appliance | Cloud Agents |
|---|---|---|---|---|
| US Shared 1 | April 17, 2018 | April 17, 2018 | April 17, 2018 | May 17, 2018 |
| US Shared 2 | April 12, 2018 | April 12, 2018 | April 12, 2018 | May 12, 2018 |
| US Shared 3 | April 2, 2018 | April 2, 2018 | April 2, 2018 | May 2, 2018 |
| EU Shared 1 | April 10, 2018 | April 10, 2018 | April 10, 2018 | May 10, 2018 |
| EU Shared 2 | April 4, 2018 | April 4, 2018 | April 4, 2018 | May 4, 2018 |
| IN Shared 1 | April 9, 2018 | April 9, 2018 | April 9, 2018 | May 9, 2018 |

Any legacy software that does not support TLSv1.1+ will require updating prior to this change. If TLSv1.1+ is not supported and the application is not updated, the application may cease to function on the date mentioned in the table above. Please work with the appropriate vendor to confirm whether TLSv1.1+ is natively supported or whether a system update is required prior to the change-over date.

For Cloud Agent deployments

Cloud Agent Windows utilizes cryptographic protocol support provided by the Windows operating system. Older Windows operating systems (including Windows XP, Embedded Standard, Server 2003/SP2, Server 2008/SP1/SP2, and potentially others if explicitly configured) do not have TLS 1.1+ support on the operating system for Cloud Agent to utilize.

(Cloud Agent on Windows 7, 8/8.1, 10, Server 2008 R2, 2012, 2016 and Linux, Mac, and AIX operating systems support TLS 1.1+ and are not impacted, though network proxies may be stepping down TLS 1.1+ to 1.0 inadvertently.)

Customers can utilize forward proxy servers to “step-up” the version of TLS from 1.0 to 1.1+ to continue running Cloud Agent Windows on older Microsoft operating systems that only have support for TLS 1.0.

For those cases where a proxy server cannot be utilized, customers can use the Qualys network scanner to assess the affected system until the conversions have been implemented.
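One way to confirm what a client or proxy actually offers before the cut-over is to inspect the ClientHello it sends. The following is an added example, not Qualys code: it parses a single-record ClientHello and reports the highest protocol version offered against the TLS 1.1 floor. All function names are assumptions of this example, and `build_hello` produces constructed sample messages rather than captured traffic.

```python
import struct

NAMES = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
         0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}   # version codes on the wire
MIN_ALLOWED = 0x0302  # TLS 1.1, the floor stated in the notice

def u16(buf, pos):
    return struct.unpack_from("!H", buf, pos)[0]

def max_offered_version(record):
    """Highest known protocol version offered by a single-record ClientHello."""
    try:
        if record[0] != 0x16 or record[5] != 0x01:
            raise ValueError("not a handshake record carrying a ClientHello")
        body = record[9:5 + u16(record, 3)]
        best = u16(body, 0)                  # legacy client_version field
        pos = 34                             # skip version + 32-byte random
        pos += 1 + body[pos]                 # session_id
        pos += 2 + u16(body, pos)            # cipher_suites
        pos += 1 + body[pos]                 # compression_methods
        if pos == len(body):
            return best                      # no extensions block at all
        end = pos + 2 + u16(body, pos)
        pos += 2
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            if ext_type == 43:               # supported_versions overrides the legacy field
                offered = (u16(body, i) for i in range(pos + 5, pos + 4 + ext_len, 2))
                best = max((v for v in offered if v in NAMES), default=best)  # drops GREASE
            pos += 4 + ext_len
        return best
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None

def build_hello(legacy_version, supported=()):
    """Constructed sample ClientHello (not captured traffic)."""
    ext = b""
    if supported:
        lst = b"".join(struct.pack("!H", v) for v in supported)
        ext = struct.pack("!HHB", 43, len(lst) + 1, len(lst)) + lst
        ext = struct.pack("!H", len(ext)) + ext
    body = (struct.pack("!H", legacy_version) + bytes(32) + b"\x00"
            + b"\x00\x02\x00\x2f" + b"\x01\x00" + ext)
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def audit(record):
    v = max_offered_version(record)
    return NAMES.get(v, hex(v)), v >= MIN_ALLOWED
```

Running `audit` on a ClientHello captured on the egress side of a forward proxy shows whether the proxy is stepping the connection up or down, independent of what the agent host itself supports.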

This same notification is also published under TLS 1.0 Deprecation information in the Support KnowledgeBase.


Comments


  1. Could you please expand more on what this means for the Scanner Appliances? Since customers are not responsible for patching physical or virtual appliances, how will they be updated to support TLSv1.1+ connections? I’d like to have more information on the appliances please.

    – Colton