Define the Secure Protocol Support

ATTENTION: This section and associated topics apply to the Original WebX client only.

The Secure Protocol Support section allows you to secure the level of encryption that is used by Original WebX clients when connected to the Geo SCADA Expert Server. The primary reason for managing the level and type of encryption is to mitigate the POODLE (Padding Oracle On Downgraded Legacy Encryption) exploit, which takes advantage of clients using SSL 3.0 encryption.

Older clients and servers may not support newer TLS 1.0 encryption, in isolated installations the use of the weaker SSL 3.0 encryption may be acceptable.

To specify the encryption settings that exist on your system:

  1. Use the following fields in the Secure Protocol Support section.

    • Minimum Supported Protocol—This combo box allows you to select the minimum supported protocol that you want to implement for client connections:
      • SSL 3.0 (the weakest)
      • TLS 1.0
      • TLS 1.1 (the strongest)

      If a client does not support the level of encryption protocol the server can downgrade the protocol to allow the client to establish a connection if Support TLS_FALLBACK_SCSV...is not selected.

    • Support TLS_FALLBACK_SCSV to help defend against downgrade attacks—Select this check box to stop connections being downgraded if the minimum required protocol is not supported by a client. This will cause some clients not to be able to connect to the server if the encryption level of the client does not match the server settings.
  2. Apply the changes to the server.

Further Information

Original WebX Security Settings, Connection Settings and Preferences.


Disclaimer

Geo SCADA Expert 2019