HP LaserJet, HP PageWide - Secure by Default Initiative (white paper)
4
Note: See Appendix B for additional information regarding PJL management commands.
New Default:
The Secure by Default initiative disables the “Enable PJL Device Access Commands” setting.
EWS Setting Configuration Path:
Security Tab -> General Security Menu
Figure 3: PJL Device Access Command in the Embedded Web Server (EWS)
This setting may need to be temporary re-enabled to allow PJL scripting for installation and management.
Note: See Appendix A – Print Solution and Fleet tool Impacts for effects on device solutions and fleet management
tools.
TLS Ciphersuites
The RC4, DES and 3DES protocols have known vulnerabilities and are no longer recommended for HTTPS encryption. RC4
(Rivest Cipher 4) was designed in 1987 and 3DES was approved in 1995.
New Default:
The RC4 and 3DES (DES-CBC3-SHA) based cipher suites are disabled as in the Secure by Default security profile.
EWS Setting Configuration Path:
Security Tab -> Secure Communication menu
Figure 4: HTTPS Ciphersuite Selection in the Embedded Web Server (EWS)
Note: These ciphersuites may be needed for Windows XP, Windows Server 2003 and Internet Explorer 8 legacy
installations.
TLS Protocols
The Transport Layer Security (TLS) protocol versions 1.0 & 1.1 will be disabled by default beginning with FutureSmart
bundle 4.7.2 and later, including the 4.8 fleet release in June 2019.