The Universal Devices ISY994i has long had the ability to use secure connections for access, and wasn’t even vulnerable to a major, recently discovered security hole.
Nonetheless, the good folks at Universal Devices have continued to enhance the security posture of this device, and last month’s security update of the firmware to 4.2.18 is a good example of this. The message when doing an automatic upgrade through the interface, though, isn’t completely clear:
When I saw the message, my first concern was that they removed the ability to connect securely to the device over the internet (by removing SSL). But, in reviewing the release notes, the message is more clear: “SSLv3 is now disabled. 994 Series now use TLS1.0 as default. PRO series can select up to TLS1.2″
In other words, they just removed an older, less secure mechanism for these transactions (upgrading to use TLS rather than SSL), which is a very good thing. Even Chrome recognizes the more secure configuration – notice the “lock” icon on the status bar changing from yellow to green in the below before-and-after shot:
For future reference you can follow this forum on Universal Device’s site to keep apprised of new releases over time.