Advanced Security
The config.ini file can be used for further configuration of the MyQ Print Server. It contains sections with parameters and values for multiple settings, however it is highly recommended to always consult with MyQ Support before editing the file.
Config.ini is a text file, located by default in C:\ProgramData\MyQ, and you can edit it in Notepad or any other text editor.
After you edit and save the file, all services need to be restarted for the changes to take effect.
Security Section
The configuration files traefik.custom.rules.yaml or httpd.conf manage secure communication with the web server, however there are other components using secure communication and they have a separate setting in the config.ini file. Those components are: SMTP, IPP, LPR, Messages (WebSockets), and HTTP Router. The Traefik configuration is also affected since MyQ Print Server 10.1 RC1.
When a Traefik custom rules file exists in the installation with the TLS version specified, it takes precedence over the config.ini option. The config.ini settings apply to other MyQ components, but Traefik TLS is set by the custom rules file.
To specify the minimum security protocol to be used for communication, go to C:\ProgramData\MyQ and open the config.ini file in a text editor.
Add a section called [Security] and in a new line under that, add the parameter sslProtocol with the value you want. The possible values are: TLS1.0, TLS1.1, TLS1.2, and TLS1.3 (from MyQ Print Server 10.1 RC2, the default value is TLS1.0 and from MyQ Print Server 10.2, the default value is TLS1.2).
For example, you can add sslProtocol=TLS1.3
Save the file and restart all services for the change to take effect.
Supported Cipher Suite
When charged to the minimum required TLS 1.0, the following ciphers are supported:
Supported Server Cipher(s): |
---|
TLSv1.3 128 bits TLS_AES_128_GCM_SHA256 Curve 25519 DHE 253 TLSv1.3 256 bits TLS_AES_256_GCM_SHA384 Curve 25519 DHE 253 TLSv1.3 256 bits TLS_CHACHA20_POLY1305_SHA256 Curve 25519 DHE 253 TLSv1.2 128 bits AES128-GCM-SHA256 TLSv1.2 256 bits AES256-GCM-SHA384 TLSv1.2 128 bits AES128-SHA TLSv1.2 256 bits AES256-SHA TLSv1.2 112 bits TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLSv1.2 112 bits TLS_RSA_WITH_3DES_EDE_CBC_SHA TLSv1.1 128 bits AES128-SHA TLSv1.1 256 bits AES256-SHA TLSv1.1 112 bits TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLSv1.1 112 bits TLS_RSA_WITH_3DES_EDE_CBC_SHA TLSv1.0 128 bits AES128-SHA TLSv1.0 256 bits AES256-SHA TLSv1.0 112 bits TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA TLSv1.0 112 bits TLS_RSA_WITH_3DES_EDE_CBC_SHA |
When TLS 1.1, 1.2, or 1.3 is used, the supported cipher suite may differ. Make sure that the connected devices support the required ciphers, and if not, look up available firmware upgrades that may bring security improvements.