Identifying Legacy TLS Connections

In order to help with identifying the connections using legacy TLS protocols (TLSv1.1, TLSv1.0 or older) we've introduced a feature to track each site's use of deprecated insecure TLS versions.

Note: Our announcement about deprecating old TLS schemes can be found here.

Shotgun administrators can follow the steps below to track insecure connections to their Shotgun site.

Logging Deprecated TLS Events On a Shotgun Site

Under Site Preferences > Security enable the logging of deprecated TLS events.

tls-enable-pref.png

Create a new page to display the deprecated TLS connections.

tls-create-custom-page.png

Create a page filter to only display the insecure connection events.

tls-create-filter.png

Reviewing Legacy Connections

Once the page is created, you'll receive events like the example below whenever a connection is made using an insecure protocol.

tls-sample-output.png

Using the Who field and the details provided in the Meta Data  field, site administrators should be able to identify the tools and work towards updating them to compliant versions of TLS.

Performance Considerations

When a site admin turns on the site pref to record insecure TLS usage in the Event Log, it could create a lot of Event Log entries if the site has heavy API use from insecure TLS clients. As a result, we recommend turning off this site preference until the majority of identified client scripts are updated.

Follow