Bigfix with TLS1.2

is there any impact on Bigfix Server when we enable TLS 1.2?

What specifically are you talking about, turning on TLS 1.2 ciphers list, the TLS 1.2 protocol, or enhance security?

  • Enhance Security: I implemented it thrice within different enviorments but didnt face any issues but there are certain guidlines before enabling it, please refer to that.
    Guidance on Enabling Enhanced Security - Customer Support
    Security Configuration Scenarios

  • Updating the TLS 1.2 ciphers list with the BESAdmin tool: This can occasionally cause problems if a relay or client stops reporting in BigFix because they do not support or have enabled the necessary ciphers for communication. Therefore, the solution is to undo the modifications and identify the cipher that aren’t functioning on some of the devices.

  • TLS 1.2 protocol, which is essentially an OS requirement, was turned on in our instance and we had no problems.
    KEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols

  • I hope you are not referring to the BES root server setting (REST API, WebReport, WebUI) that is related to turning on SSL certificates and does require TLS 1.2.

1 Like