Security

 

With ISL Conference Proxy 4.4 the management of cryptographic key was redesigned. Please refer to the part of the manual which corresponds to the version of your ISL Conference Proxy version:


ISL Conference Proxy 4.4.173 and above

With ISL Conference Proxy 4.4.173 the cryptographic key management was redesigned to allow users to easily generate their own cryptographic keys and manage them. The process of adding a new cryptographic key is described below, together with important notices.


Generate new cryptographic key

Step 1

Open "Security" tab under Configuration -> Advanced.


Step 2

Click "Generate new keys".


Important: ISL Conference Proxy 4.4 uses the 2048 bit RSA keys by default as oposed to 1024 bit RSA keys used by previous versions.


Step 3

Type the bit-size of the new RSA key you wish to create. Default value is 2048 we will set it top 4096 in this example.


Important: Next to Active RSA keys you can see which cryptographic keys are currently in use by ISL Conference Proxy.

Important: You can see that there is an active 1024-bit RSA key as well. That key serves for the purpose of legacy logins. When ISL Conference Proxy is updated to version 4.4 a new 2048-bit key is generated, however the older key is not deleted, so that older applications (downloaded before ISL Conference Proxy was upgraded) can still connect to your ISL Conference Proxy. If you disable the 1024-bit key then all the applications downloaded before the upgrade will stop working.


Step 4

Select the newly generated key and click "Apply" to allow ISL Online applications to begin using it.


Important: Currently ISL Light does not automatically use the strongest key provided. In the future release the strongest key will be used by default. We will show how to enable the newly generated key manually in the steps below.


Manually enable new key


Note: We will show how to check which cryptographic key is used by ISL Light and how to change it to the newly generated key you made in steps above. Download ISL Light from ISL Conference Proxy server and follow the steps below.


Step 1

Click "View Log File".


Step 2

Find the TLS blob in the beginning of log file which contains information about the cryptographic key used. 

Note: As you can see ISL Light is using the 1024-bit RSA key. Let's see how to make it use the newly generated key.


Step 3

Open "Settings" in ISL Light.


Step 4

Click "Flags" tab and confirm that you are aware of the implications of changing the program flags.


Step 5

Click the check box to set the "automatic key upgrade" flag.


Step 6

Launch ISL Light again and open the log file. You can see that the 4096-bit RSA key is used.


Important notices

Some notices are recapped here as this is a highly important topic that affects the security and functionality of products provided by ISL Online

  • Do not delete older keys from ISL Conference Proxy as they provide compatibility with older versions of downloaded software. Only remove the older key if you know what you are doing. Older programs that were downloaded before the upgrade to version 4.4 will not work anymore as TLS handshake will fail.
  • ISL Conference Proxy 4.4 uses the 2048 bit RSA keys by default as oposed to 1024 bit RSA keys used by previous versions.
  • ISL Conference Proxy 4.4 has an active 1024-bit RSA key as well. That key serves for the purpose of legacy logins. When ISL Conference Proxy is updated to version 4.4 a new 2048-bit key is generated, however the older key is not deleted, so that older applications (downloaded before ISL Conference Proxy was upgraded) can still connect to your ISL Conference Proxy. If you disable the 1024-bit key then all the applications downloaded before the upgrade will stop working.
  • Currently ISL Light does not automatically use the strongest key provided. In the future release the strongest key will be used by default. We will show how to enable the newly generated key manually in the steps below.

Important: Generating your own custom crypto keys on this page will require you to create a  backup of "C:\Program Files (x86)\ISL Conference Proxy\objects\advsec_key_*" Downloaded programs will require crypto keys to match and will otherwise refuse connections if keys are missing in ISL Conference Proxy. If you have existing machines with old keys, you will need to remove them from registry - remove the appropriate entry for your server from HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ISL Online\Grid and/or HKEY_CURRENT_USER\SOFTWARE\ISL Online\Grid, then download a new program and run it.


ISL Conference Proxy 4.4.172 and below

This menu entry includes the following options:

  • Software Signatures
  • Client to server connections
  • Client to client connections

Each setting allows you to specify the software security preferences. You can chose between medium and high security and specify the generated RSA key and DH parameter bits.

Important: Generating your own custom crypto keys on this page will require you to create a  backup of "C:\Program Files (x86)\ISL Conference Proxy\objects\advsec_key_*" Downloaded programs will require crypto keys to match and will otherwise refuse connections if keys are missing in ISL Conference Proxy. If you have existing machines with old keys, you will need to remove them from registry - remove the appropriate entry for your server from HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ISL Online\Grid and/or HKEY_CURRENT_USER\SOFTWARE\ISL Online\Grid, then download a new program and run it.

Tags: isl conference proxy, settings, configuration, advanced

Was this article helpful?