This document contains references to third-party documentation. Cisco AppDynamics does not own any rights and assumes no responsibility for the accuracy or completeness of such third-party documentation.
Version | Revision Date | Description |
---|---|---|
1.2 | March 11, 2024 | The end of support notice is revised to include an advisory for certain On-Premises Controllers. |
1.1 | January 24, 2024 | The end of support date was extended from December 31, 2023 to April 1, 2024. |
1.0 | August 31, 2023 | The notice was introduced with an original end-of-support date of December 31, 2023. |
On-Premises Controller versions >=23.11 supports TLS >=1.2. The agents that support only TLS<1.2 will stop reporting when you upgrade the Controller to versions >=23.11.Therefore, when you upgrade the Controller to versions >=23.11, ensure that the Cisco AppDynamics agents also support TLS>=1.2.
All customers currently using Transport Layer Security (TLS) versions 1.0 and 1.1 to connect with AppDynamics. You are impacted if you meet one or more of the following conditions:
Conditions | Recommended Action |
---|---|
Using JDK 6 | JDK 6 does not support TLS 1.2. Upgrade to JDK 8 or later. See Support Advisory: Java Agent End of Support for JDK 6 and JDK 7. |
Using Windows Server 2008 and 2008 R2 | Windows Server 2008 and 2008 R2 can work on TLS 1.0 and TLS 1.1 and cannot use TLS 1.2. TLS1.0/1.1 will not be able to connect to AppDynamics. Upgrade to Windows Server 2012 or later. See Support Advisory: Windows Server 2008 and 2008 R2. |
Using .Net Framework | See Action Necessary for .Net Agent. |
What is being deprecated?
Effective April 1, 2024, AppDynamics will no longer accept network connections utilizing TLS 1.0 and 1.1 protocols. TLS versions 1.0 and 1.1 are security protocols used to create encrypted network channels.
Any agent or customer browser using TLS1.0 and 1.1 will not connect to the AppDynamics environment after April 1, 2024.
What actions are necessary?
Perform the following actions to check if you have enabled TLS 1.0 or 1.1 or if you are running an environment that will not support the newer TLS versions.
Actions Necessary for Java Agent
The Java Agent will not use TLS 1.2 in the following situations.
- Ensure that you are not using Analytics Service with Java Agent versions older than 4.5.13. In those older versions, Analytics Service uses TLS 1.0 by default.
Ensure that you have not enabled TLS 1.0 or 1.1 in the
java.security
file. Run the following command to identify the disabled TLS versions in thejava.security
file.Command
cat <JVM path or $JAVA_HOME>/conf/security/java.security | grep "^[^#;]*jdk.tls.disabledAlgorithms"ORcat <JVM path or $JAVA_HOME>/jre/lib/security/java.security | grep "^[^#;]*jdk.tls.disabledAlgorithms"
CODE
The output may include
TLSv1
andTLSv1.
1. The absence ofTLSv1.1
andTLSv1
in the disabled algorithms of thejava.security
file does not guarantee that your environment is utilizing these versions. However, ifTLSv1
andTLSv1.1
are specified to be used in a system property or environmental variable, the JVM will permit these older TLS versions.- Ensure that you are not using the
APPDYNAMICS_JAVA_AGENT_TLS_ALLOWED_ALGORITHMS
environmental variable. - Ensure that you are not using the
-Dappdynamics.agent.tls.allowedAlgorithms
system property. - Ensure that you are not using the
appdynamics.agent.ssl.protocol
system property to override the default settings.
Action Necessary for .Net Agent
The following actions are for applications targeting .Net Framework older than 4.7 (even when .Net Framework 4.7 or later is used as a runtime environment):
- If you are using .NET Framework 2.x-4.7 (32-bit and 64-bit)
The application is targeting a version of the .Net Framework that is older than 4.7, regardless of whether the runtime environment is later than 4.7. For example, TLS 1.2 could not be used if the runtime framework was 4.8 but the application is compiled for the target framework 4.5.
To use TLS 1.2 for the conditions above, enable SchUseStrongCrypto
andSystemDefaultTlsVersions
registries. This is to ensure that .Net Framework is not blocking TLS 1.2. See the Microsoft documentConfigure for strong cryptography for details.
HKEY_LOCAL_MACHINE\SOFTWARE[Wow6432Node]Microsoft.NETFramework<VERSION>: SchUseStrongCryptoHKEY_LOCAL_MACHINE\SOFTWARE[Wow6432Node]Microsoft.NETFramework<VERSION>: SystemDefaultTlsVersions
CODE
TLS 1.3 is not supported on .NET Framework 3.5.
What if I have questions?
If you have any questions or concerns, contact our support portal.