Comment on page
AWS deprecation of TLS below v1.2 & impact to instruments connecting to Illumina Connected Services
Illumina Connected Services, such as BaseSpace, ICA, and Proactive, run on Amazon Web Services (AWS). AWS announced deprecation of TLS (Transport Layer Security) versions below 1.2 for all AWS service API endpoints. The encryption methods on many Illumina instruments currently use TLS v1.0 and TLS v1.1. To respond to evolving technology and conform to the most up to date security standards, AWS and other cloud providers will be updating the TLS configuration to a minimum version of TLS v1.2.
While this change significantly improves Illumina security, it also means that beyond December 31st, 2023, certain instruments with control software versions indicated in Table 1, below, will not be able to connect or send data to the following Illumina cloud services:
- BaseSpace Sequence Hub (BSSH)
- Illumina Connected Analytics
- Checking and installing software updates online
- Run monitoring through MyIllumina
- Illumina Proactive
Instrument users are urged to do one of 2 things below, in order of priority:
Option 1: Upgrade to latest version of control software on instrument indicated in Table 1, below.
Option 2: If upgrading is not an option, make sure that TLS 1.2 is enabled on the instrument using the instructions in the option 2 section, below.
Table 1. Impacted instruments and mitigations for available instrument control software versions.
Instrument | Impacted Control SW versions | Required upgraded version | Field or user installable |
MiSeq | MCS v4.0.x and earlier | Update to MCS v4.1 | Windows 7 upgrade requires field visit. Windows 10 users can self-upgrade to MCS v4.1 at end of November 2023, when the software will be released. |
NextSeq 500 /550 | NCS v4.0.x and earlier | Update to NCS v4.2 | Requires field visit |
NovaSeq 6000 | NvCS v1.7.5 and earlier * | User installable | |
MiniSeq | MnCS v2.2 and earlier (all released versions) | No new control software available
Use Option 2. | Not Applicable |
iSeq 100 /NextSeq 1000/2000/ NovaSeqX /X plus/ iScan / | Not impacted | Not Applicable | Not Applicable |
HiSeqs | Contact local field team | | |
*While NovaSeq 6000 control software versions 1.8.0 and 1.8.0.43 are not impacted, Illumina still recommends upgrading to latest control software version of 1.8.1.
For any other instrument platforms, contact your local Illumina field representative or Illumina Technical Support.
TLS 1.2 Registry Patch instructions:
Note: All steps must be run on a user account with administrator privileges.
Start at step 1, below, for Windows 7 users only. For Windows 10, start at step 2.
- 1.Pre-requisite step for platforms that have Microsoft .NET Framework 4.5.1 or below.
-
- Verify Microsoft .NET Framework version in Programs and Features.
- If Microsoft .NET Framework is 4.5.1 or below, update to Microsoft .NET Framework 4.5.2 or above (Microsoft hosted 4.5.2 offline installer).
-
- Power cycle the instrument.
- 2.Close instrument control software.
- 4.Move the TLS1.2Registry.reg file to C:\Illumina on instrument.
- 5.Double click to run the file. Acknowledge pop-up message by selecting Yes to continue.
- 6.Verify Success message by selecting OK.
- 7.Power cycle instrument and log back in as a standard (non-admin) account.
Is it okay if the TLS 1.2 Registry Patch was run twice?
Yes. The tool can be run multiple times without impact.
Do users need to re-validate after applying the registry patch?
Individual users need to determine if they should re-validate. The registry update does not impact the sequencing software, analysis software, or resulting data and merely enables connection to BaseSpace and Proactive.
What should be done if the following error is seen?
Make sure TLS1.2Registry.reg file is in C:\Illumina, rerun TLS1.2Registry.reg, and verify success message by selecting OK. After verifying, power cycle the instrument.
For any feedback or questions regarding this article (Illumina Knowledge Article #8467), contact Illumina Technical Support [email protected]. |