cancel
Showing results for 
Search instead for 
Did you mean: 

Netbackup 7.6.1 supported TLS versions

dlharris1999
Level 2

My organization is currently working on a project to disable TLS versions 1.0 and 1.1. We are planning to have TLS version 1.2 enabled only. We are running Netbackup 7.6.1 on Windows Server 2012 on our Master, Media, and Opscenter Servers. Is there documentation on how to disable the older TLS protocols and enable TLS 1.2 within the Netbackup and OpsCenter application consoles in addition to the servers? Also is there any documentation for the operating systems requirements for WIndows and Linux client thats are being backed up using Netbackup? 

4 REPLIES 4

Marianne
Moderator
Moderator
Partner    VIP    Accredited Certified

NetBackup 7.6.1 is very old and reached EOSL in 2017. 

I found the following  https://www.cvedetails.com/vulnerability-list/vendor_id-1884/product_id-4116/version_id-194597/Verit...:

Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4 do not use TLS for administration-console traffic to the NBU server, which allows remote attackers to obtain sensitive information by sniffing the network for key-exchange packets.

If you are serious about security, you need to upgrade... Current NBU version is 8.3. 

Thanks. We are planning an upgrade but it won't be completed before the current TLS project. Does Netbackup version 7.6.1 use TLS? Your response has the folowing versions listed.

Veritas NetBackup 7.x through 7.5.0.7 and 7.6.0.x through 7.6.0.4 and NetBackup Appliance through 2.5.4 and 2.6.0.x through 2.6.0.4

RiaanBadenhorst
Moderator
Moderator
Partner    VIP    Accredited Certified
It does not use TLS at all pointed out by Marianne.

If you do anything with Windows databases, including AD, ADAM, Exchange, SharePoint, and DFSR, you cannot disable TLS 1.0 on the clients until at least NetBackup 8.2 or 8.3. Look in the Compatibility list for the specific NetBackup version.

The clients can't get away from TLS. For example, Exchange Web Services (EWS) uses it.