mhebert Posted April 9, 2021 Share Posted April 9, 2021 Can we disable Protocol TLS 1,0 in the director. Cause, that can create security breach on my office network. Quote Link to comment Share on other sites More sharing options...
-defunct- Posted April 9, 2021 Share Posted April 9, 2021 Unfortunately, no. I would recommend isolating a Control4 system away from the rest of the important network anyways. Quote Link to comment Share on other sites More sharing options...
msgreenf Posted April 9, 2021 Share Posted April 9, 2021 What version c4 are you running? Quote Link to comment Share on other sites More sharing options...
Cyknight Posted April 9, 2021 Share Posted April 9, 2021 Version 2.7.2 and up should be running on TLS 1.2 msgreenf 1 Quote Link to comment Share on other sites More sharing options...
Cyknight Posted April 9, 2021 Share Posted April 9, 2021 Just now, Cyknight said: Version 2.7.2 and up should be running on TLS 1.2 I should add, as of October last year all systems 2.7.2 and up should have auto updated to TLS 1.2 - it's possible that somehow that didn't go through. Basically if you can use the C4 phone app, you would be on TLS 1.2 msgreenf 1 Quote Link to comment Share on other sites More sharing options...
-defunct- Posted April 9, 2021 Share Posted April 9, 2021 2 minutes ago, Cyknight said: Version 2.7.2 and up should be running on TLS 1.2 For cloud, that is true. For other local connections. 3.2.1 still has tls1.0 enabled. Working on getting that updated, not there yet. Quote Link to comment Share on other sites More sharing options...
Cyknight Posted April 9, 2021 Share Posted April 9, 2021 8 minutes ago, Dunamivora said: For cloud, that is true. For other local connections. 3.2.1 still has tls1.0 enabled. Working on getting that updated, not there yet. Oh, surprised by that, thought local stuff was already using TLS 1.1 as of 2016? Quote Link to comment Share on other sites More sharing options...
-defunct- Posted April 9, 2021 Share Posted April 9, 2021 1 minute ago, Cyknight said: Oh, surprised by that, thought local stuff was already using TLS 1.1 as of 2016? I wish. If a scan is done, the T3s/T4s, and controllers will all show a few insecure configs. Director allows anonymous ssl for one. Quote Link to comment Share on other sites More sharing options...
mhebert Posted April 9, 2021 Author Share Posted April 9, 2021 I run with the last version 3.2.1.58 Quote Link to comment Share on other sites More sharing options...
mhebert Posted April 9, 2021 Author Share Posted April 9, 2021 so, someone know, where is that feature on the roadmap, to be able to switch on 1.2. Security in 2021 on internet should be the top priority so far before a....ringbell Quote Link to comment Share on other sites More sharing options...
msgreenf Posted April 9, 2021 Share Posted April 9, 2021 Selling new hardware makes money Fixing TLM doesn't... That isn't to say I don't agree with you... Quote Link to comment Share on other sites More sharing options...
-defunct- Posted April 9, 2021 Share Posted April 9, 2021 15 minutes ago, mhebert said: so, someone know, where is that feature on the roadmap, to be able to switch on 1.2. Security in 2021 on internet should be the top priority so far before a....ringbell Future things are not shared by company policy. The most I can say is it is known. Quote Link to comment Share on other sites More sharing options...
mhebert Posted April 9, 2021 Author Share Posted April 9, 2021 39 minutes ago, Dunamivora said: Future things are not shared by company policy. The most I can say is it is known. thanks Quote Link to comment Share on other sites More sharing options...
Cyknight Posted April 10, 2021 Share Posted April 10, 2021 On 4/9/2021 at 11:04 AM, mhebert said: so, someone know, where is that feature on the roadmap, to be able to switch on 1.2. Security in 2021 on internet should be the top priority so far before a....ringbell On 4/9/2021 at 11:06 AM, msgreenf said: Selling new hardware makes money Fixing TLM doesn't... That isn't to say I don't agree with you... That's not really fair - you're talking about completely different people/departments working on these things. C4 HAS been (pro)actively working to increase security and to comply with new standards on security and AFAIK have several dedicated people working on it full-time. Not to say that I disagree it should be high priority! -defunct- 1 Quote Link to comment Share on other sites More sharing options...
-defunct- Posted April 10, 2021 Share Posted April 10, 2021 Cyknight, You're right. The cyber team is growing and I don't like taking no as an answer, lol. I'm sure you likely know how persistent I am. msgreenf 1 Quote Link to comment Share on other sites More sharing options...
msgreenf Posted April 10, 2021 Share Posted April 10, 2021 19 minutes ago, Cyknight said: That's not really fair - you're talking about completely different people/departments working on these things. C4 HAS been (pro)actively working to increase security and to comply with new standards on security and AFAIK have several dedicated people working on it full-time. Not to say that I disagree it should be high priority! It's not fair but it's reality. Only so many cycles per sprint. Quote Link to comment Share on other sites More sharing options...
Gary Leeds UK Posted April 10, 2021 Share Posted April 10, 2021 On 4/9/2021 at 5:11 PM, Dunamivora said: Unfortunately, no. I would recommend isolating a Control4 system away from the rest of the important network anyways. Can a dealer do this ? Has I will need to advise our security team about this - Long Story Quote Link to comment Share on other sites More sharing options...
-defunct- Posted April 10, 2021 Share Posted April 10, 2021 2 minutes ago, Gary Leeds UK said: Can a dealer do this ? Has I will need to advise our security team about this - Long Story If the dealer manages the network, yes, the dealer can create a vlan and isolate the Control4 system. If not, the dealer needs to work with whoever manages the network to isolate the system. msgreenf 1 Quote Link to comment Share on other sites More sharing options...
-defunct- Posted April 10, 2021 Share Posted April 10, 2021 Nobody, not even Control4, can disable TLS1.0/1.1 for the local connections for the current and past OS versions. msgreenf 1 Quote Link to comment Share on other sites More sharing options...
Gary Leeds UK Posted April 11, 2021 Share Posted April 11, 2021 10 hours ago, Dunamivora said: If the dealer manages the network, yes, the dealer can create a vlan and isolate the Control4 system. If not, the dealer needs to work with whoever manages the network to isolate the system. Cheers will get the IT department to do there thing Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.