cancel
Showing results for 
Search instead for 
Did you mean: 

Chromecast SSL/TLS: Deprecated TLSv1.0 and TLSv1.1 Protocol Detection

yu210148
Community Member

Hi All,

I've got both a Chromecast (with Google TV) and a Chromecast Audio device on my network and when I run a vulnerability scan on them I'm getting messages about them supporting older deprecated TLS versions. I believe both devices are running the latest firmware. Does anyone know if there are plans to address this on Google's side? Or, are they being left enabled for compatibility?

Not a huge deal as the network is isolated it's just something that I noticed and didn't find any good info about searching around online.

Thanks in advance.

kev. 

2 Recommended AnswerS

Wouldn't be surprised that Google just left the older protocols to appease the masses.  I'm certain there are users that refuse to upgrade their 6 year old phones and would pitch a fit if their phones suddenly stopped being able to cast due to older protocols being removed. Hard to please everyone

View Recommended Answer in original post

yu210148
Community Member

True, although wouldn't it be on the app developer to use a newer cipher to make the connection? Unless it's in the API and the app just calls out to the system service to cast. 

 

At any rate, you're probably right. Just thought I'd ask the question. 🙂

View Recommended Answer in original post

5 REPLIES 5

scythe944
Community Member

Not too sure about this, but I assume that just because they support older TLS versions, it doesn't mean it's using them.  Of course, it's always good to keep your chromecast's and IoT devices on their own network if possible.

yu210148
Community Member

Yes, putting a Chromecast up on the internet is just asking to get trolled or worse.

Wouldn't be surprised that Google just left the older protocols to appease the masses.  I'm certain there are users that refuse to upgrade their 6 year old phones and would pitch a fit if their phones suddenly stopped being able to cast due to older protocols being removed. Hard to please everyone

yu210148
Community Member

True, although wouldn't it be on the app developer to use a newer cipher to make the connection? Unless it's in the API and the app just calls out to the system service to cast. 

 

At any rate, you're probably right. Just thought I'd ask the question. 🙂

JenniferV
Community Specialist
Community Specialist

Hi folks,

 

Thanks for visiting the Community.

 

Since this thread hasn't had activity in a while, we're going to close it to keep content fresh. We hope you were able to get the help you need but If you have other questions and concerns, feel free to submit another post and provide as many details as possible so that others can lend a hand.

 

Thanks for the help, scythe944.

 

Regards,

Jennifer