Choose your language

Choose your login

Support

How can we help?

Lightbulb icon
Lightbulb icon

Here’s your answer

Sources:

Lightbulb icon

Oops!

We currently don’t have an answer for this and our teams are working on resolving the issue. If you still need help,
User reading a resource

Popular resources

Conversation bubbles

Contact us

Enhance Mobility Print server security with a custom TLS setting

This page applies to:

TLS (Transport Layer Security) is a transport protocol that provides security for end-to-end communications. It ensures confidentiality, integrity, and authenticity between the Mobility Print clients and server.

The algorithm used is chosen from the CipherSuites, a list of algorithms included in each version of TLS. You can find out more about them on the TLS Parameters page .

When Mobility Print starts for the first time, it defaults to use minimum TLS version 1.0 and a default list of secure cipher suites, with a preference order based on hardware performance.

It also creates an example tls.conf.toml file in the data folder, which contains the field names so you can customize them for your TLS version and cipher suites.

We recommend you determine the applicable TLS version and Cipher Suites for the server based on your desired security requiremets. Ensure the setting allows for your end users’ devices to communicate with the Mobility Print server. Remember, older devices might not support the latest and greatest cipher suites.

Configure TLS

  1. Make sure you are on a Mobility Printserver that is greater than 1.0.2903. Check the Mobility Print Admin page. You cannot configure TLS on versions below this.
  2. Go to <Mobility Print server install location>/data/config.
  3. Open the tls.conf.toml file as a text file.
  4. To configure the values to reflect desired security requirements, uncomment (remove prefixed “#’’s); then add, edit, or remove values. To add a cipher, type a comma after the last cipher and be sure to use quotation marks around the string. For example, [... ""TLS_AES_128_GCM_SHA256"", "TLS_AES_256_GCM_SHA384"].
  5. Save the file.
  6. Restart your Mobility Print server.
  7. Test printing from your Mobility Print clients using these new settings.

Valid MinVersion and CipherSuites values

The table below shows a list of the valid values.

  • If there is an unrecognized value in either MinVersion and CipherSuites, the server will stop running immediately and log the error in the config file indicating which value is unrecognized.
  • If CipherSuites is empty, Mobility Print will use a default list of secure cipher suites, with a preference order based on hardware performance. If a list of suites is configured, only the cipher suites listed will be used.
KEY DESCRIPTION VALID VALUES
MinVersion The minimum TLS version accepted by the server “VersionTLS10"
"VersionTLS11"
"VersionTLS12"
"VersionTLS13”
CipherSuites The supported cipher suites for TLS versions up to TLS 1.3. // The cipher suites in this section are only
supported for TLS1.3.
"TLS_AES_128_GCM_SHA256"
"TLS_AES_256_GCM_SHA384"
"TLS_CHACHA20_POLY1305_SHA256”
// The cipher suites in this section are only
supported from TLS1.0 to TLS1.2.
"TLS_RSA_WITH_3DES_EDE_CBC_SHA"
"TLS_RSA_WITH_AES_128_CBC_SHA"
"TLS_RSA_WITH_AES_256_CBC_SHA"
"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
"TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"
"TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"
"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"
"TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"
// The cipher suites in this section are only
supported in TLS1.2
"TLS_RSA_WITH_AES_128_GCM_SHA256"
"TLS_RSA_WITH_AES_256_GCM_SHA384"
"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

Comments