Updated: October 26, 2020

Switch to older TLS security options

Windows agents and probes have been updated to require TLS 1.2. N-able N-central uses TLS 1.2 as a default configuration. This means that N-able N-central does not allow traffic over TLS 1.0.

This causes any Windows agents or probes that are running on Windows XP and Windows Server 2003, as well as pre-v12.1 versions of the MacOS agent, to lose the ability to communicate with your N-able N-central server.

You can switch the network security profile to the Legacy Security Profile to use older TLS versions so you can continue to monitor these devices.

The differences between the two profiles are:

Compatibility Security Profile

The Compatibility security profile sits between the Legacy and Modern security profiles. It allows you to support older operating systems, such as Windows Server 2012 R2, but without allowing TLS 1.1 or 1.0.

  • Does not support TLS 1.0 and 1.1.
  • Disables weak SSH Ciphers, MACs and KEX Algorithms.
  • Supports Modern Operating Systems (Windows 7/Server 2008 R2 and newer).
  • Meets PCI requirements for TLS and ciphers.
  • Support for only 2048 bit keys

N-able strongly recommends that you choose between either the Compatibility or Modern security profile as we plan to deprecate the Legacy security profile in a future release of N-central.

Modern Security Profile:

  • Supports TLS 1.3 on all UI, API, and Agent ports. The Web UI ports have further been enhanced with TLS ciphers that offer improved performance on mobile devices.

  • Configures N-central's UI so that it does not support TLS 1.0, 1.1, SHA1 and all weak ciphers and non-PFS ciphers.
  • Disables weak SSH Ciphers, MACs and KEX Algorithms.
  • Will work with Modern Operating Systems (Windows 7/Server 2008 R2 and newer).
  • Meets PCI requirements for TLS and ciphers.
  • Support for only 2048 bit keys

Windows servers version 2012 R2 are unable to communicate with N-able N-central12.3 or later servers configured to Modern profile.

Legacy Security Profile:

  • Configures N-central's UI to support TLS 1.0 and 1.1
  • Not PCI/HIPPA/NIST compliant.
  • Supports legacy operating systems (i.e. Windows Vista/Server 2008).

This setting is only available at the System level. Changing this option will require the server to be restarted.

  1. Go to AdministrationMail and Network SettingsNetwork Security.
  2. Click the Legacy Settings option.
  3. Click Save.
  4. N-able N-central will prompt you to acknowledge a reboot of the server.

The server is rebooted and begins using the TLS 1.0 and 1.1 security.

For more information on security profiles, see the KB article, Preparing Agents and Probes for communicating over TLS1.2 with N-central 12.3 Modern Security Profile or Agent/Probe not checking in.