Comment on page
AWS deprecation of TLS below v1.2 & impact to instruments connecting to Illumina Connected Services
Illumina Connected Services, such as BaseSpace, ICA, and Proactive, run on Amazon Web Services (AWS). AWS announced deprecation of TLS (Transport Layer Security) versions below 1.2 for all AWS service API endpoints. The encryption methods on many Illumina instruments currently use TLS v1.0 and TLS v1.1. To respond to evolving technology and conform to the most up to date security standards, AWS and other cloud providers will be updating the TLS configuration to a minimum version of TLS v1.2.
While this change significantly improves Illumina security, it also means that beyond December 31st, 2023, certain instruments with control software versions indicated in Table 1, below, will not be able to connect or send data to the following Illumina cloud services:
- BaseSpace Sequence Hub (BSSH)
- Illumina Connected Analytics
- Checking and installing software updates online
- Run monitoring through MyIllumina
- Illumina Proactive
Instrument users are urged to do one of 2 things below, in order of priority:
Option 1: Upgrade to latest version of control software on instrument indicated in Table 1, below.
Option 2: If upgrading is not an option, make sure that TLS 1.2 is enabled on the instrument using the instructions in the option 2 section, below.
Table 1. Impacted instruments and mitigations for available instrument control software versions.
*While NovaSeq 6000 control software versions 1.8.0 and 22.214.171.124 are not impacted, Illumina still recommends upgrading to latest control software version of 1.8.1.
TLS 1.2 Registry Patch instructions:
Note: All steps must be run on a user account with administrator privileges.
Start at step 1, below, for Windows 7 users only. For Windows 10, start at step 2.
- 1.Pre-requisite step for platforms that have Microsoft .NET Framework 4.5.1 or below.
- Verify Microsoft .NET Framework version in Programs and Features.
- Power cycle the instrument.
- 2.Close instrument control software.
- 4.Move the TLS1.2Registry.reg file to C:\Illumina on instrument.
- 5.Double click to run the file. Acknowledge pop-up message by selecting Yes to continue.
- 6.Verify Success message by selecting OK.
- 7.Power cycle instrument and log back in as a standard (non-admin) account.
Is it okay if the TLS 1.2 Registry Patch was run twice?
Yes. The tool can be run multiple times without impact.
Do users need to re-validate after applying the registry patch?
Individual users need to determine if they should re-validate. The registry update does not impact the sequencing software, analysis software, or resulting data and merely enables connection to BaseSpace and Proactive.
What should be done if the following error is seen?
Make sure TLS1.2Registry.reg file is in C:\Illumina, rerun TLS1.2Registry.reg, and verify success message by selecting OK. After verifying, power cycle the instrument.