TLS (Transport Layer Security) is a transport protocol that provides security for end-to-end communications. It ensures confidentiality, integrity, and authenticity between the Mobility Print clients and server.
The algorithm used is chosen from the CipherSuites, a list of algorithms included in each version of TLS. You can find out more about them on the TLS Parameters page.
When Mobility Print starts for the first time, it defaults to a minimum TLS version of 1.0 and a default list of secure cipher suites, with a preference order based on hardware performance.
It also creates an example tls.conf.toml file in the data folder, which contains the field names so you can customize them for your TLS version and cipher suites.
We recommend you determine the applicable TLS version and cipher suites for the server based on your desired security requirements. Ensure the setting allows your end users’ devices to communicate with the Mobility Print server. Remember, older devices might not support the latest and greatest cipher suites.
Configure TLS
- Make sure you are on a Mobility Print server version that is greater than 1.0.2903. Check the Mobility Print Admin page. You cannot configure TLS on versions below this.
- Go to <Mobility Print server install location>/data/config.
- Open the tls.conf.toml file as a text file.
- To configure the values to reflect desired security requirements, uncomment (remove the prefixed "#"s); then add, edit, or remove values.
  To add a cipher, type a comma after the last cipher and be sure to use quotation marks around the string. For example, [... "TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384"].
- Save the file.
- Restart your Mobility Print server.
- Test printing from your Mobility Print clients using these new settings.
Valid MinVersion and CipherSuites values
The table below shows a list of the valid values.
- If there is an unrecognized value in either MinVersion or CipherSuites, the server will stop running immediately and log the error in the config file indicating which value is unrecognized.
- If CipherSuites is empty, Mobility Print will use a default list of secure cipher suites, with a preference order based on hardware performance. If a list of suites is configured, only the cipher suites listed will be used.
KEY | DESCRIPTION | VALID VALUES |
---|---|---|
MinVersion | The minimum TLS version accepted by the server | "VersionTLS10" "VersionTLS11" "VersionTLS12" "VersionTLS13" |
CipherSuites | The supported cipher suites for TLS versions up to TLS 1.3. | // The cipher suites in this section are only supported for TLS1.3. "TLS_AES_128_GCM_SHA256" "TLS_AES_256_GCM_SHA384" "TLS_CHACHA20_POLY1305_SHA256" |
| | | // The cipher suites in this section are only supported from TLS1.0 to TLS1.2. "TLS_RSA_WITH_3DES_EDE_CBC_SHA" "TLS_RSA_WITH_AES_128_CBC_SHA" "TLS_RSA_WITH_AES_256_CBC_SHA" "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" |
| | | // The cipher suites in this section are only supported in TLS1.2 "TLS_RSA_WITH_AES_128_GCM_SHA256" "TLS_RSA_WITH_AES_256_GCM_SHA384" "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" |
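
Because an unrecognized value stops the server, it helps to check tls.conf.toml before restarting. The following is an added example, not part of the Mobility Print product or its documentation: it checks MinVersion and CipherSuites against the table above and warns about suites the table lists only for versions below MinVersion. The function names, the `key = value` layout of the file, and the fallback to TLS 1.0 when MinVersion is commented out are assumptions.

```python
import re

# Valid values copied from the table on this page, grouped as the table groups them.
VERSIONS = ["VersionTLS10", "VersionTLS11", "VersionTLS12", "VersionTLS13"]
TLS13_ONLY = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_CHACHA20_POLY1305_SHA256"}
TLS10_TO_12 = {"TLS_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA",
               "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
               "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
               "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"}
TLS12_ONLY = {"TLS_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_256_GCM_SHA384",
              "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
              "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}

def suite_versions(name):
    """TLS versions the table lists for a suite; None if the name is not in the table."""
    if name in TLS13_ONLY:
        return {"VersionTLS13"}
    if name in TLS12_ONLY:
        return {"VersionTLS12"}
    return set(VERSIONS[:3]) if name in TLS10_TO_12 else None

def lint(text):
    """Return (errors, warnings) for the text of a tls.conf.toml file."""
    # Strip '#' comments first; no valid value contains '#'.
    body = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    errors, warnings = [], []
    m = re.search(r'^\s*MinVersion\s*=\s*"([^"]*)"', body, re.M)
    # Assumption: a commented-out MinVersion falls back to the stated default, TLS 1.0.
    min_version = m.group(1) if m else "VersionTLS10"
    if min_version in VERSIONS:
        allowed = set(VERSIONS[VERSIONS.index(min_version):])
    else:
        errors.append(f"unrecognized MinVersion: {min_version!r}")
        allowed = set(VERSIONS)  # no valid minimum, so skip the version check
    m = re.search(r'^\s*CipherSuites\s*=\s*\[(.*?)\]', body, re.M | re.S)
    for name in (re.findall(r'"([^"]*)"', m.group(1)) if m else []):
        versions = suite_versions(name)
        if versions is None:
            errors.append(f"unrecognized cipher suite: {name!r}")
        elif not versions & allowed:
            warnings.append(f"{name} is only listed for versions below {min_version}")
    return errors, warnings

# Constructed sample file: one suite below MinVersion, one misspelled suite.
SAMPLE = '''MinVersion = "VersionTLS13"
CipherSuites = [
    "TLS_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",   # TLS 1.0 to 1.2 only
    "TLS_AES_256_GCM_SHA385",         # typo: not in the table
]'''
```

Call `lint()` on the contents of the edited file; any entry in the first list is a value the table does not contain.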