Has TLS 1.2 support been added to the WSM?
TLS support is not dependent on the monitor version if you are using SSL. Our current collector certificate supports SHA-256, which includes the TLS 1.2 specifications. The monitor (or any of the New Relic agents) relies on the operating system to work out the cryptography of the connection. If you are restricting outgoing connections to TLS 1.2 only and this prevents the WSM from connecting to New Relic, we would need to know that and perform some testing to determine the underlying problem. I cannot think of any reason it wouldn’t work, though.
There are a couple of specific certificates (GeoTrust Global CA) that need to be in your root certificate store in order to communicate with the collectors. Since Windows Server 2008 was released these certificates should automatically be part of the operating system (they were added to 2003 via update). There have been some odd cases where they have to be reinstalled, but it is uncommon and usually due to a group policy or other modification that removes or corrupts them.
Just wanted to share that we had the same issue when we disabled TLS 1.0. We made it work by adding the SchUseStrongCrypto registry setting. See this link for more info: http://www.johnlouros.com/blog/enabling-strong-cryptography-for-all-dot-net-applications.
For what it’s worth, there’s another blog that addresses this:
So, while it does kinda suck that we’re dependent on 3rd party options to provide secure connections, we can find solace in the fact that they do provide enhanced security. My fervent hope is this will provide a useful guide for other customers who have to disable TLS 1.0 because of their company’s security policy.
New NewRelic.AppName not updated in APM nor Browser