AWS deprecation of TLS below v1.2 & impact to instruments connecting to Illumina Connected Services
Last updated
Last updated
© 2023 Illumina, Inc. All rights reserved. All trademarks are the property of Illumina, Inc. or their respective owners. Trademark information: illumina.com/company/legal.html. Privacy policy: illumina.com/company/legal/privacy.html
Illumina Connected Services, such as BaseSpace, ICA, and Proactive, run on Amazon Web Services (AWS). AWS announced deprecation of TLS (Transport Layer Security) versions below 1.2 for all AWS service API endpoints. The encryption methods on many Illumina instruments currently use TLS v1.0 and TLS v1.1. To respond to evolving technology and conform to the most up to date security standards, AWS and other cloud providers will be updating the TLS configuration to a minimum version of TLS v1.2.
While this change significantly improves Illumina security, it also means that beyond December 31st, 2023, certain instruments with control software versions indicated in Table 1, below, will not be able to connect or send data to the following Illumina cloud services:
BaseSpace Sequence Hub (BSSH)
Illumina Connected Analytics
Checking and installing software updates online
Run monitoring through MyIllumina
Illumina Proactive
Instrument users are urged to do one of the following below, in order of priority:
Option 1: Upgrade to latest version of control software on instrument indicated in Table 1, below.
Option 2: If upgrading is not an option, make sure that TLS 1.2 is enabled on the instrument using the instructions in the option 2 section, below.
Option 3: If neither of the above actions can be taken, Illumina recommends setting up runs in local mode without connecting to any cloud services.
Note: see detailed information for Option 1, Option 2 and Option 3 below.
Table 1. Impacted instruments and mitigations for available instrument control software versions.
Instrument | Impacted Control SW versions | Required upgraded version | Field or user installable |
MiSeq | MCS v4.0.x and earlier | Windows 7 upgrade requires field visit. Windows 10 users can self-upgrade to MCS v4.1 | |
NextSeq 500 /550 | NCS v4.0.x and earlier | Update to NCS v4.2 | Requires field visit |
NovaSeq 6000 | NvCS v1.7.5 and earlier * | User installable | |
MiniSeq | MnCS v2.2 and earlier (all released versions) | No new control software available Use Option 2. | Not Applicable |
iSeq 100 /NextSeq 1000/2000/ NovaSeqX /X plus/ iScan / | Not impacted | Not Applicable | Not Applicable |
HiSeqs | Contact local field team |
\*While NovaSeq 6000 control software versions 1.8.0 and 1.8.0.43 are not impacted, Illumina still recommends upgrading to latest control software version of 1.8.1.
For any other instrument platforms, contact your local Illumina field representative or Illumina Technical Support.
TLS 1.2 Registry Patch instructions:
Note: All steps must be run on a user account with administrator privileges. See the instructions to check if running as administrator and how to switch to an admin account.
Start at step 1, below, for Windows 7 users only. For Windows 10, start at step 2.
Pre-requisite step for platforms that have Microsoft .NET Framework 4.5.1 or below.
Verify Microsoft .NET Framework version in Programs and Features.
If Microsoft .NET Framework is 4.5.1 or below, update to Microsoft .NET Framework 4.5.2 or above (Microsoft hosted 4.5.2 offline installer).
Power cycle the instrument
Close instrument control software.
Move the TLS1.2Registry.reg file to C:\Illumina on instrument.
Double click to run the file. Acknowledge pop-up message by selecting Yes to continue.
Verify Success message by selecting OK.
Power cycle instrument and log back in as a standard (non-admin) account.
If neither Option 1 nor Option 2 can be enacted, Illumina recommends setting up runs in local mode without connecting to any cloud services. Illumina also recommends turning off Proactive specifically for the MiSeq and NovaSeq 6000 instruments to make sure that runs do not fail. Turning off Proactive will result in users losing the benefits of a Proactive connection and this option should be used only as a last resort.
Is it okay if the TLS 1.2 Registry Patch was run twice?
Yes. The tool can be run multiple times without impact.
Do users need to re-validate after applying the registry patch?
Individual users need to determine if they should re-validate. The registry update does not impact the sequencing software, analysis software, or resulting data and merely enables connection to BaseSpace and Proactive.
What should be done if the following error is seen?
Make sure TLS1.2Registry.reg file is in C:\Illumina, rerun TLS1.2Registry.reg, and verify success message by selecting OK. After verifying, power cycle the instrument.
For any feedback or questions regarding this article (Illumina Knowledge Article #8467), contact Illumina Technical Support techsupport@illumina.com. |