The purpose of this bulletin is to provide guidance for transitioning to the V5.1 firmware release for all fielded appliances.
Thales recommends that all HSEs be updated to the V5.1 firmware as soon as possible. V5.1 is not backward compatible with prior versions of code, but it provides extensive feature advancements, includes updates to meet the latest security standards, and addresses critical known issues as outlined below.
The release is being offered free of charge to all Thales HSE customers from the Thales Support Portal (login required).
Feature Enhancement: The V5.1 firmware release introduces Transport Independent Mode (TIM), which provides network-independent encryption, allowing customers to secure data in motion at layer 2, 3, or 4. In addition to the TIM enhancement, 100G Forward Error Correction (FEC) and GCM mode, and support for EQKD were added. Please refer to the Customer Release Note (CRN) and Users Guide for a full list of features now available.
Security Standard Updates: V5.1 firmware meets the latest NIST guidance set out in the Transitioning the Use of Cryptographic Algorithms and Key Lengths publication (SP800-131A). These updates make the V5.1 firmware unable to interoperate with any prior version. It is recommended that all fielded units be upgraded to Firmware V5.1 to meet the latest NIST guidance and to ensure interoperability within the network. Please see the Release Notes for further details on interoperability and upgrade caveats.
Known Issue/Bug Fix: The HSE software library requires modification in order to address an undesired function. The fix removes an authentication mechanism whereby self-signed encryptor certificates may be accepted during session establishment. The change reduces the scope of accepted certificates, but does not alter the underlying security or cryptographic mechanism. Patches are available on the support portal to address this issue. Please see the release notes for additional resolved issues.
All questions regarding upgrade of units should be directed to the Thales Support Team.