tandar Posted August 24, 2015
Just an FYI for people with an M1XEP. Due to Windows requiring longer encryption keys for SSL/TLS connections, the M1XEP will not connect to Windows 10. Elk will have new firmware on 8/24 but you'll need a Win 8/7 computer to install it. More details at http://www.elkproducts.com/product-catalog/elk-m1xep-m1-ethernet-interface
giesen Posted August 24, 2015
So looks like not just the TLS version, but also key length as well. Strange that there have been no reports of problems with the ISY, as I believe it uses a 512 bit cert by default.
MWareman Posted August 24, 2015
From the article:
> However, you must retain a PC with Windows 8, 7, or XP to connect to currently installed XEP’s.

Nice going Elk! The deprecation of older crypto should not be news to any tech company. It's been over two years coming. Will they be shipping replacements to customers that don't have the old OS available? Every single PC in my home is now Windows 10. Time to put my Windows / Crypto knowledge to the test to figure out how to allow the connection. It's even broken connecting thru my stunnel proxy - though I'm not sure it ever worked with ElkRP.
elvisimprsntr Posted August 24, 2015
Not that hard folks. Install an older Windows as a guest OS using VirtualBox. I have a XP VM guest OS for the sole purpose of running ElkRP software and firmware upgrades.
MWareman Posted August 24, 2015
> So looks like not just the TLS version, but also key length as well. Strange that there have been no reports of problems with the ISY, as I believe it uses a 512 bit cert by default.

Cert and crypto strength are unrelated. Microsoft removed support for cert sizes <1024 with a Windows Update in the mid-Windows 8 timeframe. I doubt that's the issue. More likely it's the cipher suite that the XEP is offering that's no longer supported by Windows.
MWareman Posted August 24, 2015
> Not that hard folks. Install an older Windows as a guest OS using VirtualBox. I have a XP VM guest OS for the sole purpose of running ElkRP software and firmware upgrades.

May not be hard - but it's grey license wise. I prefer to stay in the clear with regards to licensing since I'm in a privileged position at work with regards to licensing.
giesen Posted August 24, 2015
The M1XEP has a 512 bit cert, so unless it's broken on Windows 8 as well, that's likely not the case. I don't think it's the cipher suite either, as a thread going on the cocoontech forums shows the Elk only supports SSL3/TLS 1.0, but when re-enabled the connection gets halfway then dies. I suspect it is both TLS version and Key Length.

I wholeheartedly agree that Elk had plenty of time to remediate this before it became a problem (the Windows 10 previews have been out for a long time). The problem is the embedded industry in general treats security like an afterthought. I suspect another issue is they have very limited processing power on the M1XEP, and once they release the patch we'll see some pretty piss-poor TLS performance.

All that being said, some responsibility falls on the users for jumping into an OS before verifying all their applications work. I'll stick with my RPI running stunnel... Works great, performance is not pathetic, and I can use proper certs.
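
Added example, not part of any post in this thread: the posts above disagree on whether the TLS version or the cipher suite stops the handshake, and the first record a device sends back after a ClientHello settles both. The Python below decodes that record (a ServerHello or a fatal alert) from raw bytes; the sample bytes are constructed, not captured from an M1XEP, and the certificate key size sits in the later Certificate message, which is not decoded here.

```python
import struct

# Lookup tables for the codes a TLS 1.0-era device is likely to use;
# anything not listed is reported as a hex or decimal number.
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
SUITES = {0x0004: "TLS_RSA_WITH_RC4_128_MD5", 0x0005: "TLS_RSA_WITH_RC4_128_SHA",
          0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA", 0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
          0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA"}
ALERTS = {40: "handshake_failure", 70: "protocol_version", 71: "insufficient_security"}


def parse_first_record(data: bytes) -> dict:
    """Decode the first TLS record a server sent back: ServerHello or alert."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    rtype, _record_version, length = struct.unpack("!BHH", data[:5])
    body = data[5:5 + length]
    if len(body) < length:
        raise ValueError("truncated record body")
    if rtype == 21 and length >= 2:           # alert: level, description
        return {"kind": "alert", "fatal": body[0] == 2,
                "description": ALERTS.get(body[1], str(body[1]))}
    if rtype != 22 or length < 4 or body[0] != 2:
        raise ValueError("not a ServerHello or alert record")
    # Handshake header: type (1) + length (3). ServerHello body: version (2),
    # random (32), session-id length (1), session id, cipher suite (2).
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 35 or len(hello) < 35 + hello[34] + 2:
        raise ValueError("truncated ServerHello")
    version = int.from_bytes(hello[0:2], "big")
    offset = 35 + hello[34]
    suite = int.from_bytes(hello[offset:offset + 2], "big")
    return {"kind": "server_hello",
            "version": VERSIONS.get(version, hex(version)),
            "cipher_suite": SUITES.get(suite, hex(suite))}


# Constructed sample records (not captured from a real M1XEP).
_hello = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x05" + b"\x00"
SAMPLE_HELLO = (b"\x16\x03\x01" + struct.pack("!H", len(_hello) + 4)
                + b"\x02" + len(_hello).to_bytes(3, "big") + _hello)
SAMPLE_ALERT = b"\x15\x03\x01\x00\x02\x02\x28"   # fatal handshake_failure

if __name__ == "__main__":
    print(parse_first_record(SAMPLE_HELLO))
    print(parse_first_record(SAMPLE_ALERT))
```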
MWareman Posted August 24, 2015
@giesen I have a stunnel working for eKeypad talking to the M1XEP (since Android 5.x dropped this support with 5.0). However, ElkRP2 does not work thru the same proxy. Does it work for you? If so, could you share your stunnel config?
Michel Kohanim Posted August 24, 2015
@giesen, Default ISY cert is 1024 and you can install 2048 or even 4096. Yes I know it's slower but, again, default is 1024.

With kind regards,
Michel
giesen Posted August 24, 2015
> @giesen I have a stunnel working for eKeypad talking to the M1XEP (since Android 5.x dropped this support with 5.0). However, ElkRP2 does not work thru the same proxy. Does it work for you? If so, could you share your stunnel config?

My apologies, you are correct that ElkRP2 doesn't work through the stunnel proxy (presumably because it can't validate the cert). I'm using stunnel for remote connections and direct for local.

> @giesen, Default ISY cert is 1024 and you can install 2048 or even 4096. Yes I know it's slower but, again, default is 1024. With kind regards, Michel

Michel, Thanks for the clarification. Replaced the cert on mine long ago so couldn't remember.
elvisimprsntr Posted August 24, 2015
> May not be hard - but it's grey license wise. I prefer to stay in the clear with regards to licensing since I'm in a privileged position at work with regards to licensing.

I never suggested using anything but a licensed copy of Windows.
MWareman Posted August 24, 2015
Windows licenses are non-portable. So, assuming you purchased a retail license (or have virtualization rights by virtue of an EA or other license agreement) then you're all good. Never meant to imply otherwise. Problem is, many think they can upgrade their Windows XP/7/8 to Windows 7/8/10, then continue to run the earlier Windows in a VM. You need an additional license for that. And you cannot buy XP licenses anymore.
apostolakisl Posted August 24, 2015
I wonder how this works now. http://forum.universal-devices.com/topic/13838-isy-connected-to-elk-without-the-m1xep/
giesen Posted August 24, 2015
> I wonder how this works now. http://forum.universal-devices.com/topic/13838-isy-connected-to-elk-without-the-m1xep/

I'm fairly certain you will lose IP communications to monitoring centre if you go with this solution (if that matters to you).
apostolakisl Posted August 24, 2015
> I'm fairly certain you will lose IP communications to monitoring centre if you go with this solution (if that matters to you).

I'm not monitoring via IP. I really think IP is a very poor choice regardless. Unless perhaps you have an enterprise level internet connection.

I also don't see the big concern about license issues on MS. If you have a license to run Windows on one PC and that same license is both Win7 and Win10 eligible, what difference does it make if you boot one at one time and boot another at a different time, provided you only boot one at a time on one PC. For my own part, I imaged my Win7 computers and installed that back to a spare drive, booted off it to make sure I had a fail safe return to Win7 if my upgrade went cafluey, then I updated to Win10. So I could still pop that old HDD back in and boot Win7 again. You could do the same with a drive partition as well, but I prefer the physically different drive to further reduce risk.
giesen Posted August 24, 2015
> I also don't see the big concern about license issues on MS. If you have a license to run Windows on one PC and that same license is both Win7 and Win10 eligible, what difference does it make if you boot one at one time and boot another at a different time, provided you only boot one at a time on one PC. For my own part, I imaged my Win7 computers and installed that back to a spare drive, booted off it to make sure I had a fail safe return to Win7 if my upgrade went cafluey, then I updated to Win10. So I could still pop that old HDD back in and boot Win7 again. You could do the same with a drive partition as well, but I prefer the physically different drive to further reduce risk.

Part of the terms of the free Windows 10 upgrade are that you give up your licence to Windows 7. And corporations pay more to get virtualization rights. Now you can do what you want, I don't really care and I doubt Microsoft will come after you anyways for a single license violation, just saying according to the terms of the upgrade you've given up your Windows 7 rights (unless you perform a downgrade, in which case you give up your Windows 10 rights). One reason (out of many) I have not moved to Windows 10 yet.
elvisimprsntr Posted August 24, 2015
New M1XEP firmware is available for download. http://www.elkproducts.com/m1xep-version2-firmware
MWareman Posted August 25, 2015
> New M1XEP firmware is available for download. http://www.elkproducts.com/m1xep-version2-firmware

Thanks! I can confirm this fixes the issue with Windows 10. I still cannot get eKeypad on Android 5.1 to connect though without using my stunnel proxy. Oh well...
MWareman Posted August 25, 2015
Sorry - meant myKeypad.. https://play.google.com/store/apps/details?id=com.gaststudios.mykeypad
giesen Posted August 25, 2015
> Sorry - meant myKeypad.. https://play.google.com/store/apps/details?id=com.gaststudios.mykeypad

Had me excited there for a minute. FYI M1Touch seems to work fine with or without stunnel.
apostolakisl Posted August 25, 2015
> Sorry - meant myKeypad.. https://play.google.com/store/apps/details?id=com.gaststudios.mykeypad

When did this happen? Before or after you upgraded the firmware? I have myKeypad and it is currently working fine, but I haven't upgraded the firmware.
MWareman Posted August 25, 2015
> When did this happen? Before or after you upgraded the firmware? I have myKeypad and it is currently working fine, but I haven't upgraded the firmware.

It stopped working when my Nexus updated to 5.1, and older cryptographic algorithms were removed from Android.
apostolakisl Posted August 25, 2015
> It stopped working when my Nexus updated to 5.1, and older cryptographic algorithms were removed from Android.

Still running 4.4.2 on my Android. I don't see any compelling reason to change that, especially since I'll lose root. So I'm going to assume that updating the Elk will not cause mykeypad to stop?
MWareman Posted August 25, 2015
I'm on 5.1.1 and have root (it's a Nexus device). I can't say for sure, but I doubt updating the XEP will cause issues with mykeypad on 4.x
Archived
This topic is now archived and is closed to further replies.