On-premises ConnectWise versions that have a low SSL score, and specifically accounts that have TLS 1.2 disabled in their HTTPS connection protocols, have been unable to sync records. This is a known issue: ConnectWise now requires all APIs to connect over TLS 1.2, as other protocols are vulnerable to attack. A security notification was sent out some time ago about securing your server.
Please ensure your server is PCI compliant by 1st September 2017.
When you run an SSL report on your server (<your connectwise URL>), it will show as an F, which is the lowest possible score. This is because you have older protocols enabled and, specifically, TLS 1.2 is not enabled. You will need to disable SSL3 and SSL2, as both are susceptible to SSL attacks (Heartbleed, Poodle).
Action Required:
You will need to ensure:
- Protocols are enabled
- Ciphers are enabled / disabled as per the best practices
- Hashes are enabled / disabled according to best practices
- Key Exchanges are enabled
- Cipher Suites are Ordered (as per below)
- Disable SSL3 and SSL2
Important: Changes to the Transport Layer require a reboot between each change, so we recommend doing this out of hours.
The following site provides steps on how to achieve an A rating on Qualys SSL Labs with Windows:
https://www.coderamblings.net/archive/how-to-achieve-an-a-rating-on-qualys-ssl-labs-with-windows/
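To see where the server stands before changing anything, the following read-only PowerShell check reports the server-side Schannel state for the protocols named in the list above. It is an added example, not code from ConnectWise or the linked article; it assumes the standard Windows Schannel registry location, covers only the protocol items (SSL 2.0 and SSL 3.0 disabled, TLS 1.2 enabled), and should be run in an elevated session on the server.

```powershell
# Added example: read-only audit of Schannel server-side protocol settings.
# Desired state follows the article: SSL 2.0 / SSL 3.0 off, TLS 1.2 on.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

$desired = [ordered]@{
    'SSL 2.0' = 'Disabled'
    'SSL 3.0' = 'Disabled'
    'TLS 1.2' = 'Enabled'
}

function Get-SchannelServerState {
    param([Parameter(Mandatory)][string]$Protocol)

    $key = Join-Path $base "$Protocol\Server"
    # A missing key or value means Windows falls back to its built-in default,
    # which differs between Windows Server versions.
    if (-not (Test-Path -LiteralPath $key)) { return 'NotConfigured' }

    $enabled = (Get-ItemProperty -LiteralPath $key).Enabled
    if ($null -eq $enabled) { return 'NotConfigured' }
    if ($enabled -eq 0)     { return 'Disabled' }
    return 'Enabled'        # any non-zero DWORD enables the protocol
}

foreach ($protocol in $desired.Keys) {
    $current = Get-SchannelServerState -Protocol $protocol
    $wanted  = $desired[$protocol]

    if ($current -eq 'NotConfigured') { $result = 'REVIEW: OS default applies' }
    elseif ($current -eq $wanted)     { $result = 'OK' }
    else                              { $result = 'FIX' }

    [pscustomobject]@{
        Protocol = $protocol
        Current  = $current
        Wanted   = $wanted
        Result   = $result
    }
}
```

A `REVIEW` result means the setting has never been written explicitly, so set it explicitly rather than relying on the operating system default, then re-run the SSL report after the reboot.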
Below is an example of the desired results when running an SSL report:
Additional Information:
If you need direction on how best to secure your ConnectWise Server, we recommend you log a support ticket with ConnectWise to ensure that you bring your server up to date in terms of the connection security.
Online tools that allow you to configure your protocols:
- https://www.ssllabs.com/ssltest/analyze.html?d=aus.myconnectwise.net
- https://www.nartac.com/Products/IISCrypto