ROOMZ Device Network Requirements and TLS Limitations

Device Limitations: TLS Protocol and Ciphers

ROOMZ devices use the TLS protocol to ensure secure communications. Below are the details based on network configurations and servers used:


1. Communication with the RADIUS Server (WPA2 Enterprise)

  • Supported TLS version:

    • TLS 1.0 only. ROOMZ devices do not support TLS 1.1 or later for this connection.

  • Supported ciphers:

    • TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)

    • TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)

    • TLS_RSA_WITH_RC4_128_SHA (0x0005)

    • TLS_RSA_WITH_RC4_128_MD5 (0x0004)

Important: If your RADIUS server or network infrastructure does not support TLS 1.0 or the ciphers listed above, the connection will fail.
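
To check a RADIUS server policy against these limits before deployment, the following added example (not ROOMZ code) models the version and cipher selection for the WPA2 Enterprise handshake. The device capabilities are the ones listed above; the server policies, the `negotiate` helper and the assumption that the server enforces its own cipher preference order are illustrative.

```python
# Added example: models version/cipher negotiation for the WPA2 Enterprise handshake.
# Device capabilities come from the lists above; server policies are constructed.

TLS_VERSIONS = ["1.0", "1.1", "1.2", "1.3"]  # oldest to newest

DEVICE_VERSIONS = {"1.0"}
DEVICE_SUITES = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
}


def negotiate(server_min, server_max, server_suites):
    """Return (ok, detail) for a server policy.

    server_suites lists IANA suite names in server preference order
    (assumption: the server enforces its own order).
    """
    lo, hi = TLS_VERSIONS.index(server_min), TLS_VERSIONS.index(server_max)
    if not DEVICE_VERSIONS & set(TLS_VERSIONS[lo:hi + 1]):
        return False, f"no common TLS version (server allows {server_min} to {server_max})"
    offered = set(DEVICE_SUITES.values())
    for suite in server_suites:
        if suite in offered:
            return True, suite  # first server-preferred suite the device offers
    return False, "no common cipher suite"


# Constructed server policies for illustration.
POLICIES = {
    "tls12-only": ("1.2", "1.3", ["TLS_RSA_WITH_AES_128_CBC_SHA"]),
    "legacy-allowed": ("1.0", "1.2", ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                                      "TLS_RSA_WITH_AES_128_CBC_SHA",
                                      "TLS_RSA_WITH_RC4_128_SHA"]),
    "modern-suites-only": ("1.0", "1.2", ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"]),
}

if __name__ == "__main__":
    for name, policy in POLICIES.items():
        ok, detail = negotiate(*policy)
        print(f"{name}: {'OK' if ok else 'FAIL'} - {detail}")
```

Listing TLS_RSA_WITH_AES_128_CBC_SHA ahead of the 3DES and RC4 suites in the server's preference order keeps the handshake on the strongest suite the device offers.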


2. WPA2 Personal (PSK - Pre-Shared Key)

  • TLS is not used.

  • Security relies on a pre-shared key (PSK), and encryption is ensured by standards such as AES-CCMP.

✅ This configuration is not affected by TLS or cipher limitations.


3. Communication with the ROOMZ Server (Azure Cloud Environment)

  • Supported TLS version: TLS 1.2 only.

  • Supported ciphers:

    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

    • TLS_RSA_WITH_AES_256_CBC_SHA

    • TLS_RSA_WITH_AES_128_CBC_SHA

    • And other modern ciphers compatible with Azure.

✅ These ciphers and TLS 1.2 are exclusively used for communication with the ROOMZ server.


Recommendations

  1. ROOMZ recommends creating a dedicated IoT network for ROOMZ devices, with:

  2. If using WPA2 Enterprise:

    • Ensure your RADIUS server supports TLS 1.0 and the listed ciphers.

    • If your RADIUS server requires TLS 1.2, ROOMZ devices will not be able to authenticate successfully.

  3. If WPA2 Enterprise is not required:

    • Consider using WPA2 Personal, which eliminates the constraints related to TLS.


Security

Creating a dedicated IoT network for ROOMZ devices, combined with strict access restrictions, minimizes the risk of breaches and enhances the overall security of your network infrastructure.

For any questions or assistance, our support team is available to help.
