Xibo Cloud - TLS 1.0/1.1 Deprecation - Action Required

Action Required by 1st August 2021

Summary

A summary of the content of this article appears below. Please be sure to read the complete article as there is further important information beyond the summary.

  • New Xibo Cloud CMS instances created after 12 noon UTC on Friday 5th June 2020 will not accept TLS 1.0/1.1 connections.
  • Existing Xibo Cloud CMS instances will stop accepting TLS 1.0/1.1 connections on 1st August 2021.
  • If you would prefer your Xibo Cloud CMS stopped accepting TLS 1.0/1.1 connections sooner then please open a ticket with our support team who can arrange that for you.

Android

  • To continue using a Xibo Cloud CMS after 31st July 2021 on an Android 4.4 or earlier device, you will need to ensure you have upgraded to Xibo for Android 2 R206 or later if you're running Xibo for Android version 2, or Xibo for Android 1.8 R110 or later if you're running Xibo for Android version 1.8.
  • Xibo for Android will no longer support Android 4.4 from version 3 onwards.
  • Customers using Android 5 or later are advised to read further but do not need to take immediate action.
  • DSCS9 Players run Android 6 or Android 7.
  • We suggest ensuring that your Xibo for Android installs are running on devices based on Android 7 or later.

Windows

  • To continue using a Xibo Cloud CMS after 31st July 2020 on a Windows computer, you will need to ensure you have upgraded to Xibo for Windows 2 R201 or later if you're running Xibo for Windows version 2, or Xibo for Windows 1.8.14 or later if you're running Xibo for Windows version 1.8.

webOS, Tizen and Linux

No action is required for these Player types.

TLS Background

Secure communications over HTTPS form the backbone of the modern internet experience, guaranteeing that data in transit is encrypted and is being sent to the destination you think it is. Encryption technology has evolved over time, and older standards are phased out as the level of protection they offer is considered to be low in comparison to newer protocols.

TLS (Transport Layer Security), the successor to SSL (Secure Sockets Layer), is a suite of protocols used to deliver secure HTTP traffic over the internet. TLS 1.0 was released in 1999 and has known vulnerabilities (all of which are mitigated on Xibo Cloud at the time of writing). TLS 1.1 is rarely used, as most software which supports TLS 1.1 also supports TLS 1.2 and uses that in preference. TLS 1.0 and 1.1 are now considered deprecated by the security industry in favour of TLS 1.2 or TLS 1.3, which offer better levels of security.

In order to make a secure HTTP connection, the device making the connection and the web server need to be able to speak the same TLS protocol version. Unfortunately, older versions of Android (prior to Android version 5) have TLS 1.2 disabled by default, so an update to Xibo for Android is required to specifically enable it for communication with the CMS.

In order to maintain security of Xibo Cloud, we will be turning off support for TLS 1.0 and 1.1 on 1st August 2021. That means you need to ensure any Player devices are compatible before that date.

LetsEncrypt

LetsEncrypt is a popular internet certificate signing authority, or CA. On 29th September 2020, they will begin serving certificates in a way which may break compatibility with older Android devices. It's hard to say exactly which devices will be affected, as each manufacturer builds their own list of CAs they trust, but we think that most Android 7.1.1 or later devices will have support for LetsEncrypt certificates.

Xibo Cloud currently uses LetsEncrypt certificates, but will swap to an alternative to maintain compatibility with older Android devices in the short term.

We strongly suggest checking the compatibility of your Android devices with the LetsEncrypt X1 root CA and, if possible, adding the X1 root CA to the list of trusted CAs on your device before 29th September 2020. Otherwise you may encounter issues with content embedded from third party webservers (e.g. using the webpage, HLS, or embedded widgets) if they are using LetsEncrypt certificates.

Note: The date for this change by LetsEncrypt was originally 8th July 2020; however, it has been pushed back to 29th September 2020.

Actions Required for Android Devices

DSCS9

  • No immediate action is required to maintain connection with Xibo Cloud. All DSCS9s run Android 6.0.1 or, latterly, Android 7.1.2, and so will continue to connect to Xibo Cloud without any change.
  • If you have a DSCS9 running Android 6.0.1, you may wish to consider upgrading its firmware to Android 7.1.2.
  • If you intend to remain on Android 6 with a DSCS9 then we strongly advise installing the LetsEncrypt X1 root CA on your device before 29th September 2020. This is to ensure maximum compatibility with third party websites which you may be embedding into your layouts.
  • DSCS9s running Android 7.1.2 are already fully compatible and need no actions taken.

Non-Rooted Devices running Android version 4

If you have a non-rooted device running a version of Android before Android 5, then please be aware that you will not be able to use Xibo for Android version 3 on this device.

Please ensure you upgrade to Xibo for Android 2 R206 or Xibo for Android 1.8 R110 before 1st August 2021 to ensure you can continue to connect to your Xibo Cloud CMS.

You may find that content embedded from third party webservers (e.g. using the webpage, HLS, or embedded widgets) stops working over the coming months where you are making secure HTTPS connections.

That will be due to TLS 1.0/1.1 being deprecated on other sites and services and is outside the control of Xibo.

Rooted Devices running Android version 4

If you have a rooted device running a version of Android before Android 5, then please be aware that you will not be able to use Xibo for Android version 3 on this device.

Please ensure you upgrade to Xibo for Android 2 R206 or Xibo for Android 1.8 R110 before 1st August 2021 to ensure you can continue to connect to your Xibo Cloud CMS.

You may find that content embedded from third party webservers (e.g. using the webpage, HLS, or embedded widgets) stops working over the coming months where you are making secure HTTPS connections.

That will be due to TLS 1.0/1.1 being deprecated on other sites and services and is outside the control of Xibo.

We strongly advise installing the LetsEncrypt X1 root CA on your device before 29th September 2020. This is to ensure maximum compatibility with third party websites which you may be embedding into your layouts.

Non-Rooted Devices running Android 5 and later

Your device already has support for TLS 1.2 so will continue to connect to Xibo Cloud without modification.

We suggest that you check compatibility with LetsEncrypt certificates by visiting https://valid-isrgrootx1.letsencrypt.org in the browser on your device. You must use the built-in web browser and not Chrome for this.

If you don't receive a certificate warning, then no action is required.

If you do receive a certificate warning, then please be aware that your device may stop being able to make connections to some https websites after 29th September 2020.

Your device manufacturer may be able to provide you updated firmware.

Rooted Devices running Android 5 and later

Your device already has support for TLS 1.2 so will continue to connect to Xibo Cloud without modification.

We suggest that you check compatibility with LetsEncrypt certificates by visiting https://valid-isrgrootx1.letsencrypt.org in the browser on your device. You must use the built-in web browser and not Chrome for this.

If you don't receive a certificate warning, then no action is required.

If you do receive a certificate warning, then you will need to import the LetsEncrypt X1 root CA on your device before 29th September 2020.

Actions Required for Windows Devices

Xibo for Windows v2

Please ensure you have upgraded to Xibo for Windows v2 R201 or later version before 1st August 2021.

We suggest that you check compatibility with LetsEncrypt certificates by visiting https://valid-isrgrootx1.letsencrypt.org in the browser on your device. You should use Edge or Internet Explorer to do so.

If you don't receive a certificate warning, then no action is required.

If you do receive a certificate warning, then you should ensure you apply Windows Updates to update your Windows root certificate list.

Xibo for Windows v1.8

Please ensure you have upgraded to Xibo for Windows 1.8.14 or later version before 1st August 2021.

We suggest that you check compatibility with LetsEncrypt certificates by visiting https://valid-isrgrootx1.letsencrypt.org in the browser on your device. You should use Edge or Internet Explorer to do so.

If you don't receive a certificate warning, then no action is required.

If you do receive a certificate warning, then you should ensure you apply Windows Updates to update your Windows root certificate list.

Xibo for Windows v1.7 and earlier

If possible you should upgrade to Xibo version 1.8 or later version.

If you cannot do so, then you may be able to force the .NET Framework on your computer to use TLS 1.2 instead. See our FAQ on enabling TLS 1.2.

We suggest that you check compatibility with LetsEncrypt certificates by visiting https://valid-isrgrootx1.letsencrypt.org in the browser on your device. You should use Edge or Internet Explorer to do so.

If you don't receive a certificate warning, then no action is required.

If you do receive a certificate warning, then you should ensure you apply Windows Updates to update your Windows root certificate list.
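
The checks described in this article can also be scripted from a workstation or Windows Player. The following Python is an added example, not part of the original article or any Xibo tooling: it probes which TLS versions a server still accepts and whether the local trust store validates the LetsEncrypt test site. The hostname `cms.example.com` and all function names are assumptions, and the legacy probes rely on the local OpenSSL build still being able to offer TLS 1.0/1.1.

```python
import socket
import ssl

LEGACY = (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1)
MODERN = (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)

def pinned_context(version):
    """Client context that offers exactly one TLS version (no cert checks)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE          # only the protocol is under test
    ctx.set_ciphers("DEFAULT:@SECLEVEL=0")   # let OpenSSL offer TLS 1.0/1.1 at all
    ctx.minimum_version = ctx.maximum_version = version
    return ctx

def handshake(ctx, host, port=443, timeout=5.0):
    """True: handshake completed; False: TLS layer failed; None: no TCP connection."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return True
    except OSError:                          # ssl.SSLError subclasses OSError
        return False
    finally:
        sock.close()

def probe(host, port, version, timeout=5.0):
    """Does the server complete a handshake when offered only this version?"""
    return handshake(pinned_context(version), host, port, timeout)

def trusts_chain(host, port=443, timeout=5.0):
    """Handshake with full verification against the platform trust store."""
    return handshake(ssl.create_default_context(), host, port, timeout)

def readiness(results):
    """Summarise {TLSVersion: probe() outcome} for one server."""
    if all(r is None for r in results.values()):
        return "unreachable"
    if not any(results.get(v) for v in MODERN):
        return "no TLS 1.2+ offered"
    legacy = any(results.get(v) for v in LEGACY)
    return "legacy TLS still accepted" if legacy else "TLS 1.2+ only"

if __name__ == "__main__":
    cms = "cms.example.com"  # placeholder hostname (assumption): use your CMS address
    print(readiness({v: probe(cms, 443, v) for v in LEGACY + MODERN}))
    print(trusts_chain("valid-isrgrootx1.letsencrypt.org"))
```

A `False` from `trusts_chain` corresponds to the certificate warning described above, but it reflects the trust store Python uses on that machine, which on Android is not the one the built-in browser consults.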