Introduction
Cybersecurity holds a significant role within our Software Suite Development cycles. Our steadfast commitment revolves around consistently implementing industry best practices. This continuous effort is geared towards enhancing the application while upholding the comprehensive security of the entire system.
Occasionally, inquiries arise about the TLS versions employed within our applications, or concerns emerge following penetration testing outcomes that reveal the presence of multiple TLS versions. It is crucial to clarify that these identified TLS versions are not actively utilized. Rather, they are maintained exclusively for the purpose of accommodating backward compatibility with pending updates for 3rd party integrations. This approach ensures the seamless evolution of our security measures while upholding compatibility with integral external systems.
How to check the TLS version that is used by the applications
Method 1:
With Wireshark, you can capture packets from one application to another application, which enables you to check the traffic between our Server application and Desktop Client applications.
- Start Wireshark on either the Server or Client.
- Apply a display filter with the following parameters:
tcp.port == 7001 && tls
This display filter shows the TCP communication over port 7001 (the default port of the VMS), limited to the TLS protocol.
- Check the Protocol column to see which TLS version is used. More information, if desired, can be found in the Packet Details panel.
Method 2:
With the browser, you’re also able to check the TLS version that is used when you navigate to the WebAdmin or the Cloud Client portal.
For Firefox
- Open the Developer Tools (Ctrl+Shift+I)
- Select the Network tab
- Navigate to the WebAdmin or Cloud Client portal
- Select the Network tab in the top bar of the Developer Tools
- Select an item in the results and select the Security tab in the pane on the right.
NOTE: If the Security tab isn’t available, select another item, since it isn’t applicable to all items.
- Under Security, check the Connection and Protocol version to check which TLS protocol is used.
For Chrome
- Open the Developer Tools (Ctrl+Shift+I)
- Select the Security tab
- Navigate to the WebAdmin or Cloud Client portal
- Under Security, check the results for the section Connection to check which TLS protocol is used.
Change the default TLS version used by the applications
By default, TLS 1.2 is used, or TLS 1.3 if possible. However, if backward compatibility is needed, you can revert to previous TLS versions by changing the values in the server configuration files.
NOTE: Lowering these values has an impact on the overall security of the system and is never recommended.
For Windows
- Open the registry editor and navigate to:
HKEY_LOCAL_MACHINE\SOFTWARE\Network Optix\Network Optix Media Server
- Add a string value allowedSslVersions and put the value TLSv1.2
- Restart the Nx mediaserver defaultMediaServer service
For Linux
- Navigate to /opt/<brand>/mediaserver/etc/
- Open the mediaserver.conf and add the following entry: allowedSslVersions=tls1_2
- Restart the <brand>-mediaserver service
To confirm these changes, you can use the following commands:
For Linux
Open the Terminal and enter the following command:
grep "allowedSslVersions" /opt/<brand>/mediaserver/etc/mediaserver.conf
For Windows
Open the command prompt and enter the following command:
reg query "HKEY_LOCAL_MACHINE\SOFTWARE\<brand>\<brand> Media Server" /v "allowedSslVersions"
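The commands above only confirm that the setting is present in the configuration. The following added example (not part of the original article or of the product's tooling) checks on the wire which TLS versions the server accepts on port 7001 by offering exactly one version per handshake. The host argument and the function names are assumptions made for this example.

```python
import socket
import ssl
import sys

# Labels follow the article's list; TLS 1.0 and 1.1 are the ones it marks insecure.
VERSIONS = {
    "TLS 1.0": ssl.TLSVersion.TLSv1,
    "TLS 1.1": ssl.TLSVersion.TLSv1_1,
    "TLS 1.2": ssl.TLSVersion.TLSv1_2,
    "TLS 1.3": ssl.TLSVersion.TLSv1_3,
}
INSECURE = ("TLS 1.0", "TLS 1.1")


def probe(host, port, version, timeout=5.0):
    """Offer one TLS version; return accepted, rejected, unreachable or unsupported-locally."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # only the protocol version is under test,
    ctx.verify_mode = ssl.CERT_NONE  # so the certificate is deliberately not validated
    try:
        # Many OpenSSL builds refuse TLS 1.0/1.1 at the default security level,
        # which would make the client, not the server, the cause of a failure.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
        ctx.minimum_version = version
        ctx.maximum_version = version
    except (ValueError, ssl.SSLError):
        return "unsupported-locally"
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"         # no TCP connection: says nothing about TLS
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "accepted"        # handshake completed at this version
    except OSError:                  # ssl.SSLError is a subclass of OSError
        return "rejected"
    finally:
        raw.close()


def insecure_accepted(results):
    """Names of the insecure versions the server completed a handshake with."""
    return [name for name in INSECURE if results.get(name) == "accepted"]


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"  # assumed server address
    results = {name: probe(host, 7001, v) for name, v in VERSIONS.items()}
    for name, outcome in results.items():
        print(f"{name}: {outcome}")
    sys.exit(1 if insecure_accepted(results) else 0)
```

A rejected result for TLS 1.0 or 1.1 can also come from the local OpenSSL policy on the machine running the check, so confirm unexpected results with the Wireshark method.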
Change the default TLS version used by the browser
Most browsers default to TLS 1.2 or newer, which prevents the use of previous TLS versions. Although we do not recommend changing these values, in Firefox, for example, you can change them for the sake of backward compatibility.
For Firefox
When you navigate to about:config and search for security.tls.version.m, you’ll notice that the default values are 3 for the minimum version and 4 for the maximum version. This means that TLS 1.2 is used as the minimum and TLS 1.3 as the maximum. To change the minimum and maximum, use the following values:
1 = TLS 1.0 (insecure)
2 = TLS 1.1 (insecure)
3 = TLS 1.2
4 = TLS 1.3
NOTE: If the values in the browser don’t match the values in the mediaserver configuration file, you won’t be able to connect to the system.