Device Limitations: TLS Protocol and Ciphers
ROOMZ devices use the TLS protocol to secure their communications. The supported versions and ciphers depend on the network configuration and the server involved:
1. Communication with the Radius Server (WPA2 Enterprise)
Supported TLS version:
TLS 1.0 only. ROOMZ devices do not support TLS 1.2 or later for this connection.
Supported ciphers:
TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
TLS_RSA_WITH_RC4_128_SHA (0x0005)
TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Important: If your Radius server or network infrastructure does not support TLS 1.0 or the ciphers listed above, the connection will fail.
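The rule above can be checked against a Radius server's TLS policy before devices are deployed. The following Python is an added example, not ROOMZ code: it models version and cipher selection using the device limits listed above. The helper name, the policy inputs, and the sample policies are assumptions constructed for illustration.

```python
# Added example (not ROOMZ code). Device limits come from the page;
# the server policies below are constructed sample inputs.

# Suites the device supports toward the Radius server, by IANA code.
DEVICE_SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
}
DEVICE_VERSION = "TLS1.0"  # the only version the device speaks here
ORDER = ["TLS1.0", "TLS1.1", "TLS1.2", "TLS1.3"]


def check_radius_policy(min_version, server_suites):
    """Model the handshake outcome for one server policy (hypothetical helper).

    min_version   -- lowest TLS version the server accepts, e.g. "TLS1.2"
    server_suites -- IANA suite codes in the server's preference order
    Returns (ok, detail): the selected suite name, or the failure reason.
    """
    if ORDER.index(min_version) > ORDER.index(DEVICE_VERSION):
        return False, f"version mismatch: server requires {min_version}"
    # Assumes the server enforces its own preference order.
    for code in server_suites:
        if code in DEVICE_SUITES:
            return True, DEVICE_SUITES[code]
    return False, "no cipher suite in common"


# Constructed policies: name -> (minimum version, suites in preference order).
SAMPLE_POLICIES = {
    "legacy-compatible": ("TLS1.0", [0xC02F, 0x002F, 0x0005]),
    "tls12-required": ("TLS1.2", [0xC02F, 0xC030, 0x002F]),
    "tls10-aead-only": ("TLS1.0", [0xC02F, 0x009C]),
    "rc4-preferred": ("TLS1.0", [0x0005, 0x002F]),
}

if __name__ == "__main__":
    for name, (min_ver, suites) in SAMPLE_POLICIES.items():
        ok, detail = check_radius_policy(min_ver, suites)
        print(f"{name:18} {'OK  ' if ok else 'FAIL'} {detail}")
```

The "rc4-preferred" policy shows that the server's preference order decides which of the device's four suites is actually used.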
2. WPA2 Personal (PSK - Pre-Shared Key)
TLS is not used.
Security relies on a pre-shared key (PSK), and encryption is provided by standards such as AES-CCMP.
✅ This configuration is not affected by TLS or cipher limitations.
3. Communication with the ROOMZ Server (Azure Cloud Environment)
Supported TLS version: TLS 1.2 only.
Supported ciphers:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
And other modern ciphers compatible with Azure.
✅ These ciphers and TLS 1.2 are used exclusively for communication with the ROOMZ server.
Recommendations
ROOMZ recommends creating a dedicated IoT network for ROOMZ devices, with:
A restricted connection allowing access only to:
https://api.roomz.io on port 443.
If using WPA2 Enterprise:
Ensure your Radius server supports TLS 1.0 and the listed ciphers.
If your Radius server requires TLS 1.2, ROOMZ devices will not be able to authenticate successfully.
If WPA2 Enterprise is not required:
Consider using WPA2 Personal, which eliminates the constraints related to TLS.
Security
Creating a dedicated IoT network for ROOMZ devices, combined with strict access restrictions, minimizes the risk of breaches and enhances the overall security of your network infrastructure.
For any questions or assistance, our support team is available to help.