+18
Considering for Future Release

Add Support for TLS 1.3 in Mono for Linux Self-Hosted Systems

J Copeland 2 years ago updated by Centicon 10 hours ago 21

Please add proper support for TLS 1.3 in Mono so that Chrome/Firefox users don't have to disable TLS 1.3 to make ScreenConnect work.

Related KB: https://docs.connectwise.com/ConnectWise_Control_Documentation/Technical_support_bulletins/Can_no_longer_load_Control_website_after_updating_Chrome

Answer

The community has had success with a workaround for this issue. This may work for your situation. https://tylermade.net/2017/05/04/easy-ssl-for-screenconnect-with-nginx-reverse-proxy/

Can't emphasize this enough!  Linux Self-Hosting needs to support the latest browsers and TLS.  This is a known issue - It should not need to take a feature request to have ConnectWise fix a known bug!!  PLEASE FIX IT!

+1

I'm not sure why an issue that's been discovered a year ago has not been fixed yet! And a security issue no less! Seriously considering other products due to this not getting fixed promptly. I opened a ticket regarding this 12/14/2017 and it's still not fixed!

Hear, hear!!!!! get this DONE!!!


A workaround from the community is nice, however I'd like to see some movement from the company to fix this. And I'm really getting worried that y'all are leaning towards dropping support for hosting on Linux. That was one of the reasons many of us, including myself, started using this software. Very little overhead with a headless server. May have to start looking at alternatives.

+1

Wayne I wouldn't bother waiting, there'll be no movement from the company on this.

I suggest setting up NGINX + Let's Encrypt on the same VM you're running ScreenConnect on.

It's actually really straightforward and solves this problem permanently.

Here's the script: https://github.com/stylnchris/sc_ssl_support/

And if you need any help there's a ton of info in this thread: https://control.product.connectwise.com/communities/6/topics/1691-tls-13-seems-to-breaks-screenconnect-when-using-ssl-on-mono

Also, NGINX makes ScreenConnect super responsive and much faster to navigate around the web GUI.
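
The kind of NGINX front end the post above recommends, as an added configuration example that is not taken from the thread, the linked script or ConnectWise. The hostname, the certbot-style certificate paths and the backend address 127.0.0.1:8040 are assumptions.

```nginx
# Added illustration; not taken from the linked script or from ConnectWise.
# Assumptions: support.example.com is a placeholder hostname, the certificate
# paths follow certbot's default layout, and ScreenConnect's web service
# listens on plain HTTP at 127.0.0.1:8040.

server {
    listen 80;
    server_name support.example.com;
    # Send all plain-HTTP requests to the TLS listener.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name support.example.com;

    ssl_certificate     /etc/letsencrypt/live/support.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/support.example.com/privkey.pem;

    # NGINX, not Mono, negotiates TLS with the browser, so the protocol
    # versions offered no longer depend on Mono's TLS stack.
    # TLSv1.3 needs NGINX 1.13.0+ built against OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://127.0.0.1:8040;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With this layout the backend listener carries unencrypted traffic, so it should be bound to loopback only and not exposed outside the VM.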

I want to add my vote that this should be fixed and we should not have to rely on a workaround.

I'm appreciative to everyone that has worked on trying and testing these solutions, but I'd like the solution to come from the vendor so it's supported and nothing breaks (like the jnlp and invite issues mentioned in other threads).

Please fix this, ConnectWise!

Looks like it's been announced (updating mono). Is there ANY ETA?

I have over 1,600 clients and the current version of mono maxes the CPU even on very high end servers.

Hi Allen, 

We're planning to release updated mono in our upcoming 19.4 release. If you have a test environment and want a chance to test now, please let us know. Reach out to pm@screenconnect.com. 

Thanks, 

Caitlin 

I also just upgraded to 19.4... and TLS 1.3 doesn't seem to be working... Is there a config we need to change? YubiKeys still not working.

I can wait for a more stable build. Do you know approx when 19.4 will be released? (I won't hold you to it)

+1

We're working through the issues now, should be in preview in a few weeks, and stable a few weeks after that. At this time we don't have firm dates!

I just upgraded to 19.4.  It's still using TLS 1.0. Do I need to do something to change that or is 1.3 still not supported? 

Hi Phil, 


Apologies, our updates to Mono were not in our 19.4 release. They should be available soon!

Best, 

Caitlin 

You've been promising for months that 19.4 will contain the updates to Mono. I just updated to 19.4 and like the others above I find it's still using TLS 1.0. And now you say "should be available soon". When???

This is really frustrating!!!! Why do you promise something that people are waiting for and then not deliver???

Right... 19.4 and TLS 1.3/updated Mono has been promised for a while. Yet it's not here. You would think after the recent press about ransomware with ConnectWise Control/Non-2FA accounts... that this would be a higher priority. Not something to put off for around a year... And Yubico announced the TLS requirements a LONG time ago... plenty of time to get it done.

Considering that Edge is switching to the Chrome codebase within the next few months... once that occurs there's no way for Linux standalone to be accessed as all the browsers will block Linux SC because it only supports TLS 1.0.

This would be ideal in conjunction with Let's Encrypt

So version 19.5.25995.7276 is out. 

Has Mono been updated as per this email from 19th August 2019:


We’re upgrading Mono for increased Linux security and sustainability. The updates will add support for more recent versions of TLS as well as a greater number of 64-bit Linux distros. You will also notice a general improvement in performance when connected to a large number of sessions.


Does this version now support TLS 1.3? 

It doesn't appear so. When will the upgrade to Mono be available? It would be really nice to know what is happening with this issue.

Thank you

18th Jan 2020: SSL works on mono with version 19.6!

From the release notes:

Updated Mono support for Linux on-premises installations

We've updated the Mono architecture that's used for our Linux on-premises installers. This fixes many security issues such as TLS 1.0 limitations, and it helps us keep Mono up-to-date in the future.

We officially support these Linux distributions:

  • Ubuntu 64-bit LTS
  • Debian 64-bit (latest stable release)

Thank you!