Force CRIO to use TLS1.2

Gryffin · ‎07-15-2024

Hello,

How do I force my CRIO-9034, 9040, and 9048 to only accept TLS 1.2 for SSH?

Thanks

rolfk · ‎07-16-2024

@Gryffin wrote:

Hello,

How do I force my CRIO-9034, 9040, and 9048 to only accept TLS 1.2 for SSH?

Which LabVIEW version? Which SSH functions?

Rolf Kalbermatter
My Blog

Gryffin · ‎07-16-2024

After some reading, it seems that TLS is only used with HTTPS for the CRIO.

I want to make the web-based configuration page and ALL HTTPS connections (webdav, etc.) to the crio to be forced to a minimum version of TLS1.2.

LabVIEW 2024 Q1

Gryffin · ‎07-16-2024

I believe I've found a way to force CRIOs to a minimum of TLSv1.2

Use PuTTy (I use PuTTYPortable requiring no install) to SSH into a CRIO (let's say CRIO-1 for example)
Login using the admin account
Open openssl.cnf: vi /etc/ssl/openssl.cnf
Scroll to the bottom: Shift-G
Insert a new line: Shift-O
Add: MinProtocol = TLSv1.2
Press Escape, then type ":wq" (no quotes) and press enter to save changes and exit
Restart CRIO, should be good

I've checked that this works by doing this:

Open a linux terminal on the same network with openssl installed (I used another CRIO, lets says CRIO-2)
Try this command: openssl s_client -connect CRIO-1:443 -tls1
- If this command terminates (i.e. the shell allows you to input another command), then TLS1 is disabled
Try this command: openssl s_client -connect CRIO-1:443 -tls1_1
- If this command terminates (i.e. the shell allows you to input another command), then TLS1.1 is disabled
Success!

Can anyone verify please?

LabVIEW