+15
Considering for Future Release

Add Support for TLS 1.3 in Mono for Linux Self-Hosted Systems

J Copeland 1 year ago updated by Matrix 7 6 days ago 18

Please add proper support for TLS 1.3 in Mono so that Chrome/Firefox users don't have to disable TLS 1.3 to make ScreenConnect work.

Related KB: https://docs.connectwise.com/ConnectWise_Control_Documentation/Technical_support_bulletins/Can_no_longer_load_Control_website_after_updating_Chrome


Answer


The community has had success with a workaround for this issue. This may work for your situation. https://tylermade.net/2017/05/04/easy-ssl-for-screenconnect-with-nginx-reverse-proxy/

 

Can't emphasize this enough!  Linux Self-Hosting needs to support the latest browsers and TLS.  This is a known issue - It should not need to take a feature request to have ConnectWise fix a known bug!!  PLEASE FIX IT!

+1

I'm not sure why an issue that's been discovered a year ago has not been fixed yet! And a security issue no less! Seriously considering other products due to this not getting fixed promptly. I opened a ticket regarding this 12/14/2017 and it's still not fixed!

Hear, hear!!!!! Get this DONE!!!


A workaround from the community is nice, however I'd like to see some movement from the company to fix this. And I'm really getting worried that y'all are leaning towards dropping support for hosting on Linux. That was one of the reasons many of us, including myself, started using this software. Very little overhead with a headless server. May have to start looking at alternatives.

+1

Wayne I wouldn't bother waiting, there'll be no movement from the company on this.

I suggest setting up NGINX + Let's Encrypt on the same VM you're running ScreenConnect on.

It's actually really straightforward and solves this problem permanently.

Here's the script: https://github.com/stylnchris/sc_ssl_support/

And if you need any help there's a ton of info in this thread: https://control.product.connectwise.com/communities/6/topics/1691-tls-13-seems-to-breaks-screenconnect-when-using-ssl-on-mono

Also, NGINX makes ScreenConnect super responsive and much faster to navigate around the web GUI.
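The layout suggested in the post above (NGINX terminating TLS on the same VM, in front of the Mono-hosted web interface), written out as an nginx configuration. This is an added example, not taken from the linked script or from ConnectWise; the hostname `support.example.com`, the backend address `127.0.0.1:8040` and the webroot path are assumptions to adapt to the actual install.

```nginx
# Added example. Placeholders (assumptions): support.example.com,
# 127.0.0.1:8040 as the ScreenConnect web listener, /var/www/letsencrypt.

# Port 80: answer Let's Encrypt HTTP-01 challenges, redirect everything else.
server {
    listen 80;
    server_name support.example.com;

    location /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;
    }
    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: browsers negotiate TLS with nginx, never with Mono.
server {
    listen 443 ssl;
    server_name support.example.com;

    # certbot's default live/ layout for the certificate name.
    ssl_certificate     /etc/letsencrypt/live/support.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/support.example.com/privkey.pem;

    # Offer only TLS 1.2 and 1.3. TLSv1.3 requires nginx 1.13.0 or later
    # built against OpenSSL 1.1.1 or later.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 1h;

    location / {
        # Plain HTTP to the backend over loopback only. This assumes the
        # backend's own HTTPS listener is disabled and that its HTTP port
        # is bound to 127.0.0.1 or firewalled from outside, so the old
        # TLS 1.0 endpoint is no longer reachable by clients.
        proxy_pass http://127.0.0.1:8040;
        proxy_http_version 1.1;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 300s;
    }
}
```

Run `nginx -t` before reloading; this block covers the web interface only.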

I want to add my vote that this should be fixed and we should not have to rely on a workaround.

I'm appreciative to everyone that has worked on trying and testing these solutions, but I'd like the solution to come from the vendor so it's supported and nothing breaks (like the jnlp and invite issues mentioned in other threads).

Please fix this, ConnectWise!

Looks like it's been announced (updating mono). Is there ANY ETA?

I have over 1,600 clients and the current version of mono maxes the CPU even on very high end servers.

Hi Allen, 

We're planning to release updated mono in our upcoming 19.4 release. If you have a test environment and want a chance to test now, please let us know. Reach out to pm@screenconnect.com. 

Thanks, 

Caitlin 

I also just upgraded to 19.4 ... and TLS 1.3 doesn't seem to be working .. is there a config we need to change?  Yubikeys still not working.

I can wait for a more stable build. Do you know approx when 19.4 will be released? (I won't hold you to it)

+1

We're working through the issues now, should be in preview in a few weeks, and stable a few weeks after that. At this time we don't have firm dates!

I just upgraded to 19.4.  It's still using TLS 1.0. Do I need to do something to change that or is 1.3 still not supported? 

Hi Phil, 


Apologies, our updates to Mono were not in our 19.4 release. They should be available soon!

Best, 

Caitlin 

You've been promising for months that 19.4 will contain the updates to Mono. I just updated to 19.4 and, like the others above, I find it's still using TLS 1.0. And now you say "should be available soon". When???

This is really frustrating!!!!  Why do you promise something that people are waiting for and then not deliver???

Considering that Edge is switching to the Chrome codebase within the next few months... once that occurs there's no way for Linux standalone to be accessed, as all the browsers will block Linux SC because it only supports TLS 1.0.

This would be ideal in conjunction with Let's Encrypt