Elk M1XEP not compatible with windows 10


tandar

From the article:

However, you must retain a PC with Windows 8, 7, or XP to connect to currently installed XEP’s.

 

Nice going Elk! The deprecation of older crypto should not be news to any tech company. It's been over two years coming. Will they be shipping replacements to customers that don't have the old OS available?

 

Every single PC in my home is now Windows 10. Time to put my Windows / Crypto knowledge to the test to figure out how to allow the connection. It's even broken connecting thru my stunnel proxy - though I'm not sure it ever worked with ElkRP.

Link to comment

So looks like not just the TLS version, but also key length as well. Strange that there have been no reports of problems with the ISY, as I believe it uses a 512 bit cert by default.

Cert and crypto strength are unrelated. Microsoft removed support for cert sizes <1024 with a Windows Update in the mid-Windows 8 timeframe. I doubt that's the issue. More likely it's the cipher suite that the XEP is offering that's no longer supported by Windows.

Link to comment

Not that hard folks. Install an older Windows as a guest OS using VirtualBox. I have a XP VM guest OS for the sole purpose of running ElkRP software and firmware upgrades.

May not be hard - but it's grey license-wise. I prefer to stay in the clear with regards to licensing since I'm in a privileged position at work with regards to licensing.

Link to comment

The M1XEP has a 512 bit cert, so unless it's broken on Windows 8 as well, that's likely not the case. I don't think it's the cipher suite either, as a thread going on the cocoontech forums shows the Elk only supports SSL3/TLS 1.0, but when re-enabled the connection gets halfway then dies. I suspect it is both TLS version and Key Length.

 

I wholeheartedly agree that Elk had plenty of time to remediate this before it became a problem (the Windows 10 previews have been out for a long time). The problem is the embedded industry in general treats security like an afterthought. I suspect another issue is they have very limited processing power on the M1XEP, and once they release the patch we'll see some pretty piss-poor TLS performance.

 

All that being said, some responsibility falls on the users for jumping into an OS before verifying all their applications work.

 

I'll stick with my RPI running stunnel... Works great, performance is not pathetic, and I can use proper certs.

Link to comment
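
The post above weighs TLS version against cipher suite and key length as the cause. The first two can be read from the ServerHello in a packet capture of the failing connection; the sketch below is an added example, not code from the thread or from Elk. The sample bytes are constructed, not captured from an M1XEP, the "legacy" labels are this example's own assumption about what a modern client may refuse, and the certificate key length sits in the separate Certificate message, which is not parsed here.

```python
import struct

VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
# Small subset of IANA cipher suite IDs, enough for the constructed samples.
SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}

def parse_server_hello(record: bytes) -> dict:
    """Return the protocol version and cipher suite the server selected."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _rec_ver, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16:  # 0x15 would be an alert, i.e. the handshake was refused
        raise ValueError(f"not a handshake record (type {ctype:#x})")
    body = record[5:5 + rec_len]
    if len(body) < rec_len or len(body) < 4 or body[0] != 0x02:
        raise ValueError("no complete ServerHello in this record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 35:
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", hello[:2])[0]
    off = 35 + hello[34]  # 2-byte version + 32-byte random + session id
    if len(hello) < off + 3:
        raise ValueError("truncated ServerHello")
    suite = struct.unpack("!H", hello[off:off + 2])[0]
    name = SUITES.get(suite, f"unknown {suite:#06x}")
    return {
        "version": VERSIONS.get(version, f"unknown {version:#06x}"),
        "cipher_suite": name,
        # Assumption: SSL 3.0 / TLS 1.0 and EXPORT/RC4/3DES suites count as legacy.
        "legacy_version": version <= 0x0301,
        "legacy_cipher": any(t in name for t in ("EXPORT", "RC4", "3DES")),
    }

def sample_hello(version: int, suite: int) -> bytes:
    """Build a constructed ServerHello record (zero random, empty session id)."""
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" + struct.pack("!HB", suite, 0)
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return struct.pack("!BHH", 0x16, version, len(hs)) + hs

if __name__ == "__main__":
    print(parse_server_hello(sample_hello(0x0301, 0x0005)))
```
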

@giesen I have a stunnel working for eKeypad talking to the M1XEP (since Android 5.x dropped this support with 5.0). However, ElkRP2 does not work thru the same proxy. Does it work for you? If so, could you share your stunnel config?

Link to comment

@giesen I have a stunnel working for eKeypad talking to the M1XEP (since Android 5.x dropped this support with 5.0). However, ElkRP2 does not work thru the same proxy. Does it work for you? If so, could you share your stunnel config?

My apologies, you are correct that ElkRP2 doesn't work through the stunnel proxy (presumably because it can't validate the cert).

 

I'm using stunnel for remote connections and direct for local.

@giesen,

 

Default ISY cert is 1024 and you can install 2048 or even 4096. Yes I know it's slower but, again, default is 1024.

 

With kind regards,

Michel

Michel,

 

Thanks for the clarification. Replaced the cert on mine long ago so couldn't remember.

Link to comment

Windows licenses are non-portable. So, assuming you purchased a retail license (or have virtualization rights by virtue of an EA or other license agreement) then you're all good. Never meant to imply otherwise.

 

Problem is, many think they can upgrade their Windows XP/7/8 to Windows 7/8/10, then continue to run the earlier Windows in a VM. You need an additional license for that. And you cannot buy XP licenses anymore.

Link to comment

I'm fairly certain you will lose IP communications to monitoring centre if you go with this solution (if that matters to you).

 

I'm not monitoring via IP.  I really think IP is a very poor choice regardless.  Unless perhaps you have an enterprise level internet connection.

 

I also don't see the big concern about license issues on MS. If you have a license to run Windows on one PC and that same license is both Win7 and Win10 eligible, what difference does it make if you boot one at one time and boot another at a different time, provided you only boot one at a time on one PC. For my own part, I imaged my Win7 computers and installed that back to a spare drive, booted off it to make sure I had a fail safe return to Win7 if my upgrade went cafluey, then I updated to Win10. So I could still pop that old HDD back in and boot Win7 again. You could do the same with a drive partition as well, but I prefer the physically different drive to further reduce risk.

Link to comment

I also don't see the big concern about license issues on MS. If you have a license to run Windows on one PC and that same license is both Win7 and Win10 eligible, what difference does it make if you boot one at one time and boot another at a different time, provided you only boot one at a time on one PC. For my own part, I imaged my Win7 computers and installed that back to a spare drive, booted off it to make sure I had a fail safe return to Win7 if my upgrade went cafluey, then I updated to Win10. So I could still pop that old HDD back in and boot Win7 again. You could do the same with a drive partition as well, but I prefer the physically different drive to further reduce risk.

 

Part of the terms of the free Windows 10 upgrade are that you give up your licence to Windows 7. And corporations pay more to get virtualization rights.

 

Now you can do what you want, I don't really care and I doubt Microsoft will come after you anyways for a single license violation, just saying according to the terms of the upgrade you've given up your Windows 7 rights (unless you perform a downgrade, in which case you give up your Windows 10 rights). One reason (out of many) I have not moved to Windows 10 yet.

Link to comment

When did this happen? Before or after you upgraded the firmware? I have myKeypad and it is currently working fine, but I haven't upgraded the firmware.

It stopped working when my Nexus updated to 5.1, and older cryptographic algorithms were removed from Android.

Link to comment

It stopped working when my Nexus updated to 5.1, and older cryptographic algorithms were removed from Android.

 

Still running 4.4.2 on my Android.  I don't see any compelling reason to change that, especially since I'll lose root.

 

So I'm going to assume that updating the Elk will not cause mykeypad to stop?

Link to comment

Archived

This topic is now archived and is closed to further replies.