Xibo Cloud - TLS 1.0/1.1 Deprecation - Action Required

Xibo Cloud - TLS 1.0/1.1 Deprecation - Action Required

Action Required by 1st August 2021

"TLS 1.0 and 1.1 are now considered deprecated by the security industry in favour of TLS 1.2 or TLS 1.3 which offer better levels of security."

Summary

A summary of the content of this article appears below. Please be sure to read the complete article as there is further important information beyond the summary.

  • New Xibo Cloud CMS instances created after 12 noon UTC on Friday 5th June 2020 will not accept TLS 1.0/1.1 connections.
  • Existing Xibo Cloud CMS instances will stop accepting TLS 1.0/1.1 connections on 1st August 2021.
  • If your Cloud CMS was created after 12 noon UTC Friday 5th June 2020 then your Players are already compatible and you have nothing further to do.
  • If your Cloud CMS was created before 12 noon UTC Friday 5th June 2020, then you may need to upgrade the version of the Xibo Player software you're running on your devices if it is too old to be compatible with TLS 1.2/1.3. Details can be found below of the minimum Player version required. In most cases there's no need to upgrade your CMS if you don't want to.
  • If you would prefer your Xibo Cloud CMS stopped accepting TLS 1.0/1.1 connections sooner then please open a ticket with our support team who can arrange that for you.

Android

  • To continue using a Xibo Cloud CMS after 31st July 2021 on an Android 4.4 or earlier device, you will need to ensure you have upgraded to Xibo for Android 2 R206 or later if you're running Xibo for Android version 2 or Xibo for Android 1.8 R110 or later if you're running Xibo for Android version 1.8.
  • Xibo for Android will no longer support Android 4.4 from version 3 onwards
  • Customers using Android 5 or later are advised to read further but do not need to take immediate action.
  • DSCS9 Players run Android 6 or Android 7.
  • We suggest ensuring that your Xibo for Android installs are running on Android 7 or later based devices

Windows

  • To continue using a Xibo Cloud CMS after 31st July 2020 on a Windows computer, you will need to ensure you have upgraded to Xibo for Windows 2 R201 or later if you're running Xibo for Windows version 2, or Xibo for Windows 1.8.14 or later if you're running Xibo for Windows version 1.8.

webOS, Tizen and Linux

No action is required for these Player types.

TLS Background

Secure communications over https form the backbone of the modern internet experience guaranteeing that data flowing is both encrypted, and is being sent to the destination you think it is. Encryption technology has evolved over time and older standards are phased out as the level of protection they offer is considered to be low in comparison to newer protocols.

TLS (Transport Later Security), the sucessor to SSL (Secure Sockets Layer), is a suite of protocols that are used to deliver secure http traffic over the internet. TLS 1.0 was released in 1999 and has known vulnerabilities (all of which are mitigated on Xibo Cloud at the time of writing). TLS 1.1 is rarely used as most software which supports TLS 1.1 also supports TLS 1.2 and uses that in preference. TLS 1.0 and 1.1 are now considered deprecated by the security industry in favour of TLS 1.2 or TLS 1.3 which offer better levels of security.

In order to make a secure http connection, the device making the connection and the web server need to be able to speak using the same TLS protocol version. Unfortunately older versions of Android (prior to Android version 5) have TLS 1.2 disabled by default, so an update to Xibo for Android is required to specifically enable that for communication with the CMS.

In order to maintain security of Xibo Cloud, we will be turning off support for TLS 1.0 and 1.1 on 1st August 2021. That means you need to ensure any Player devices are compatible before that date.

Actions Required for Android Devices

DSCS9

  • No immediate action is required to maintain connection with Xibo Cloud. All DSCS9s run Android 6.0.1 and laterly Android 7.1.2 and so will continue to connect to Xibo Cloud without any change.
  • If you have a DSCS9 running Android 6.0.1, you may wish to consider upgrading its firmware to Android 7.1.2.

Non-Rooted Devices running Android version 4

If you have a non-rooted device running a version of Android before Android 5, then please be aware that you will not be able to use Xibo for Android version 3 on this device.

Please ensure you upgrade to Xibo for Android 2 R206 or Xibo for Android 1.8 R110 before 1st August 2021 to ensure you can continue to connect to your Xibo Cloud CMS.

You may find that content embedded from third party webservers (eg using the webpage, HLS, or embedded widgets) stop working over the coming months where you are making secure HTTPS connections.

That will be due to TLS 1.0/1.1 being deprecated on other sites and services and is outside the control of Xibo.

Rooted Devices running Android version 4

If you have a rooted device running a version of Android before Android 5, then please be aware that you will not be able to use Xibo for Android version 3 on this device.

Please ensure you upgrade to Xibo for Android 2 R206 or Xibo for Android 1.8 R110 before 1st August 2021 to ensure you can continue to connect to your Xibo Cloud CMS.

You may find that content embedded from third party webservers (eg using the webpage, HLS, or embedded widgets) stop working over the coming months where you are making secure HTTPS connections.

That will be due to TLS 1.0/1.1 being deprecated on other sites and services and is outside the control of Xibo.

Non-Rooted Devices running Android 5 and later

Your device already has support for TLS1.2 so will continue to connect to Xibo Cloud without modification.

Rooted Devices running Android 5 and later

Your device already has support for TLS1.2 so will continue to connect to Xibo Cloud without modification.

Actions Required for Windows Devices

Xibo for Windows v2

Please ensure you have upgraded to Xibo for Windows v2 R201 or later version before 1st August 2021.

We suggest that you check compatibility with LetsEncrypt certificates by visiting https://valid-isrgrootx1.letsencrypt.org in the browser on your device. You should use Edge or Internet Explorer to do so.

If you don't receive a certificate warning, then no action is required.

If you do receive a certificate warning, then you should ensure you apply Windows Updates to update your Windows root certificate list.

Xibo for Windows v1.8

Please ensure you have upgraded to Xibo for Windows 1.8.14 or later version before 1st August 2021.

We suggest that you check compatibility with LetsEncrypt certificates by visiting https://valid-isrgrootx1.letsencrypt.org in the browser on your device. You should use Edge or Internet Explorer to do so.

If you don't receive a certificate warning, then no action is required.

If you do receive a certificate warning, then you should ensure you apply Windows Updates to update your Windows root certificate list.

Xibo for Windows v1.7 and earlier

If possible you should upgrade to Xibo version 1.8 or later version.

If you cannot do so, then you may be able to force the .net Framework on your computer to use TLS 1.2 instead. See our FAQ on enabling TLS 1.2

We suggest that you check compatibility with LetsEncrypt certificates by visiting https://valid-isrgrootx1.letsencrypt.org in the browser on your device. You should use Edge or Internet Explorer to do so.

If you don't receive a certificate warning, then no action is required.

If you do receive a certificate warning, then you should ensure you apply Windows Updates to update your Windows root certificate list.

Frequently Asked Questions

I'm receiving emails from Xibo telling me that my Players or Users are still using TLS 1.0/1.1

We're sending emails bi-weekly to customers who are still making requests using TLS 1.0/1.1. These emails are based on connections on the previous calendar week (Monday-Friday), so if you've just upgraded your Players you may still get a notification from us. If you're unsure, our Support team will be happy to clarify for you.

How can I see what Player versions I'm running from my CMS?

In the CMS, go to the Displays page. Ensure you have no filters set so you can see all of the Displays connected to your CMS. If you don't have the Version column showing, then click on Column Visibility and enable the Version column. You'll now be able to see a list of your Displays and their Player sofware version which you can compare to the minimum versions above.
Screenshot-from-2021-05-07-11-06-59

Do I need to upgrade my CMS at the same time?

In most cases no. Some customers are using this as an opportunity to upgrade their CMS to the latest version as well, however all Xibo Cloud CMS instances have TLS 1.2/1.3 available regardless of the CMS version.

How do I ensure that my CMS users are connecting over TLS 1.2/1.3

If we've sent you an email that tells you that you have connections coming from users over TLS 1.0/1.1, then it's usually because you have one or more people logging in to the CMS from a very old web browser - for example Internet Explorer 6. Please ask your users to ensure they're using an up-to-date browser such as Google Chrome, Mozilla Firefox or Microsoft Edge.