HP MFP Digital Sending Software (DSS) 5.0 - Security Features

naming with certificates. Notice also that the certificate has been issued by HP IPG DSS CA <IP address>.
The issuer is also DSS, but this is DSS acting in the role of a certificate authority (CA).

Since DSS is also acting as a CA, let's look at the certificate that is generated for DSS as a CA. This
certificate is in the Trusted Root Certification Authorities store.

The certificate in the Personal/Certificates store is distributed by DSS to the client in an SSL / TLS
session when DSS is the SSL / TLS server in that session. The certificate in the Trusted Root Certification
Authorities store is used to establish trust and is not automatically distributed.

SSL / TLS levels

SSL stands for Secure Sockets Layer. TLS stands for Transport Layer Security. SSL started with SSL 2.0, and
there is also SSL 3.0. TLS is a later specification and is considered an evolution of the same class of
protocol. There are TLS versions 1.0, 1.1, and 1.2. The protocols have continued to improve as they
evolved, and TLS 1.2 is now considered the most secure. SSL 2.0 is almost never used.

When a client contacts a server for an SSL / TLS session, one of the first things the two endpoints do is
select which level of the protocol they will use to communicate. The level chosen is the highest (newest)
that both endpoints support.

Which levels of the protocol DSS can use is controlled by the underlying operating system. Whether or
not a level is enabled is configured in the Windows registry. At the time this paper is being written, the
SSL 3.0 and TLS 1.0 levels are on by default and the other levels are not enabled. These defaults could
change in the future. Changing the levels enabled on the OS can be done by direct registry editing or by
using one of several commercially available tools. There are many web articles that discuss how to
enable and disable the various levels.

DSS does not provide a capability to change which levels of the protocol the underlying OS supports. A
DSS admin who wants to change the current settings should consult the available literature for how
to do it. DSS does show which levels are enabled and disabled, so the DSS admin can understand at
which levels DSS can operate. This information is shown on the Security tab of the Configuration utility,
as shown below. Note that the protocols are enabled or disabled independently for when the system is
acting as an SSL / TLS client and when it is acting as a server. Also note that when an administrator
changes the SSL / TLS protocols available on a machine, the changes apply to all applications running on
that server, not just to DSS.
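
The following read-only audit script is an added example and is not part of the HP paper or of DSS. It lists the per-protocol client and server settings from the Windows registry. The Schannel registry path and the `Enabled` / `DisabledByDefault` value names are the standard Windows ones and are assumptions here, since the paper does not name them; the function and variable names are illustrative.

```powershell
# Added example: read-only audit of the Schannel SSL / TLS protocol settings.
# Assumption: standard Schannel registry location (not given in the paper).
$SchannelBase = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$Protocols    = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'
$Roles        = 'Client', 'Server'   # each role is configured independently

function Get-SchannelProtocolState {
    param(
        [Parameter(Mandatory)][string]$Protocol,
        [Parameter(Mandatory)][string]$Role
    )
    $path  = Join-Path (Join-Path $SchannelBase $Protocol) $Role
    # A missing key is normal: the OS default then applies to this protocol/role.
    $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue

    $enabled = $null
    $disabledByDefault = $null
    if ($props) {
        if ($props.PSObject.Properties['Enabled']) { $enabled = $props.Enabled }
        if ($props.PSObject.Properties['DisabledByDefault']) { $disabledByDefault = $props.DisabledByDefault }
    }

    # Enabled = 0 turns the protocol off; DisabledByDefault = 1 means it is
    # only used when an application explicitly requests it.
    if ($null -eq $enabled -and $null -eq $disabledByDefault) {
        $state = 'Not configured (OS default applies)'
    } elseif ($enabled -eq 0) {
        $state = 'Disabled'
    } elseif ($disabledByDefault -eq 1) {
        $state = 'Available, but off by default'
    } else {
        $state = 'Enabled'
    }

    [pscustomobject]@{
        Protocol = $Protocol; Role = $Role
        Enabled = $enabled; DisabledByDefault = $disabledByDefault
        State = $state
    }
}

# Build one row per protocol and role, then print the table.
$report = foreach ($p in $Protocols) {
    foreach ($r in $Roles) { Get-SchannelProtocolState -Protocol $p -Role $r }
}
$report | Format-Table -AutoSize
```

The script only reads the registry, and its output can be compared with what the Security tab of the Configuration utility reports.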