- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Transport Layer Security (TLS) is a critical security protocol used to protect web traffic. It provides confidentiality and integrity of data in transit between clients and servers exchanging information. Datadog is disabling support for older versions of TLS, below 1.2 (SSLv3, TLS v1.0, TLS v1.1) across public facing Datadog applications, beginning June 30, 2022. If you use unsupported clients to connect to Datadog after the older protocols are disabled, you will receive connection error messages.
These protocols are being deprecated to ensure that customers connect to Datadog using secure connection channels. This is in accordance with a decision from the Internet Engineering Task Force (IETF) to deprecate these protocols as of March 25, 2021. (https://datatracker.ietf.org/doc/rfc8996/)
Follow How’s my SSL? API instructions to check the client of your choice.
Modern browsers have had support for TLS v1.2 for a while. See the “Can I use…” compatibility matrix to determine if your specific browser and version are affected.
All versions of Agent v6 & v7 support TLS v1.2.
All versions of the Agent v5 installed with the following support TLS v1.2:
When installed with the source install script, the Agent v5 relies on the system’s Python and OpenSSL. Therefore, support for TLS v1.2 depends on the versions of Python and OpenSSL installed on the system.
To determine if your system’s Python supports TLS v1.2 (and therefore if the source-installed Agent supports TLS v1.2), run this command from a system shell:
python -c "import json, urllib2; print json.load(urllib2.urlopen('https://www.howsmyssl.com/a/check'))['tls_version']"
This command outputs TLS 1.2
if TLS v1.2 is supported, and an older TLS version or an error otherwise. If TLS v1.2 is not supported, upgrade your system’s Python and OpenSSL or upgrade the Agent to v7.
OpenSSL is a library for general-purpose cryptography and secure communication used by many other tools such as Python, Ruby, PHP, amd Curl. TLS v1.2 has been supported since OpenSSL 1.0.1, see the OpenSSL changelog for more information.
Support for TLS v1.2 depends on the versions of Python and OpenSSL installed on the system:
You can run: python -c "import json, urllib2; print json.load(urllib2.urlopen('https://www.howsmyssl.com/a/check'))['tls_version']"
from a Python shell. If TLS v1.2 is not supported, upgrade your system’s Python and OpenSSL.
If you are using a newer version of Go (1.13 or above), Go already supports TLS v1.2 by default, so no changes are necessary.
When using older versions of Go, set your TLS Client Configuration’s MinVersion to explicitly use TLS v1.2:
TLSClientConfig: &tls.Config{
MinVersion: tls.VersionTLS12,
}
If your application runs on Java 1.7 or Java 1.6 (update 111 or later), you can set the https.protocols
system property when starting the JVM to enable additional protocols for connections made using the HttpsURLConnection
class. For example, by setting
Dhttps.protocols=TLSv1.2
.
If your application runs on Java 1.6 prior to update 111, or earlier, TLS 1.1 and 1.2 are not supported. Therefore, you need to update the version of Java your application runs on.
If you are using a built-in .NET client, read the Microsoft guide on how to upgrade to TLS v1.2 across various versions of .NET framework.
Powershell support for TLS v1.2 is dependent on the version of .NET installed on your system. Read Microsoft’s TLS best practices with .NET guide to determine exact requirements.
To enable recent versions of TLS for the current session:
[System.Net.ServicePointManager]::SecurityProtocol
Ssl3, Tls
$AllProtocols = [System.Net.SecurityProtocolType]'Ssl3,Tls,Tls11,Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $AllProtocols
[System.Net.ServicePointManager]::SecurityProtocol
Ssl3, Tls, TLs11, Tls12
There’s also a community Powershell module available on Github that can do that for you.
To make this setting persistent, you can edit the registry according to the Microsoft documentation about enabling TLS in Office Online Server.
On 32 bit .Net Framework (version 4 and above):
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
On a 64 bit .Net Framework (version 4 and above):
Set-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319' -Name 'SchUseStrongCrypto' -Value '1' -Type DWord
Note: You need to reboot the system for this to take effect.