TLS (Transport Layer Security) is a transport protocol that provides security for end-to-end communications. It ensures confidentiality, integrity, and authenticity between the Mobility Print clients and server.
The algorithm used is chosen from the CipherSuites, a list of algorithms included in each version of TLS. You can find out more about them on the TLS Parameters page .
When Mobility Print starts for the first time, it defaults to use minimum TLS version 1.0 and a default list of secure cipher suites, with a preference order based on hardware performance.
It also creates an example tls.conf.toml file in the data folder, which contains the field names so you can customize them for your TLS version and cipher suites.
We recommend you determine the applicable TLS version and Cipher Suites for the server based on your desired security requirements. Ensure the setting allows for your end users’ devices to communicate with the Mobility Print server. Remember, older devices might not support the latest and greatest cipher suites.
Configure TLS
- Make sure you are on a Mobility Print server that is newer than 1.0.2903. Check the Mobility Print Admin page. You cannot configure TLS on versions below this.
- Go to
<Mobility Print server install location>/data/config. - Open the tls.conf.toml file with a text editor such as Notepad.
- To configure the values to reflect desired security requirements, uncomment (remove prefixed “#’’s); then add, edit, or remove values. To add a cipher, type a comma after the last cipher and be sure to use quotation marks around the string. For example,
[... ""TLS_AES_128_GCM_SHA256"", "TLS_AES_256_GCM_SHA384"]. - Save the file.
- Restart your Mobility Print server.
- Test printing from your Mobility Print clients using these new settings.
Valid MinVersion and CipherSuites values
The table below shows a list of the valid values.
KEY | DESCRIPTION | VALID VALUES |
|---|---|---|
MinVersion | The minimum TLS version accepted by the server | "VersionTLS10" "VersionTLS11" "VersionTLS12" "VersionTLS13" |
CipherSuites | TLS1.3 ciphers | "TLS_AES_128_GCM_SHA256" "TLS_AES_256_GCM_SHA384" "TLS_CHACHA20_POLY1305_SHA256" |
TLS1.2 Ciphers | "TLS_RSA_WITH_AES_128_GCM_SHA256" "TLS_RSA_WITH_AES_256_GCM_SHA384" "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256" "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384" | |
TLS1.0 to TLS1.2 ciphers (Legacy) | "TLS_RSA_WITH_3DES_EDE_CBC_SHA" "TLS_RSA_WITH_AES_128_CBC_SHA" "TLS_RSA_WITH_AES_256_CBC_SHA" "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA" "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA" "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA" "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA" "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA" |
Troubleshooting
If there is an unrecognized value in either MinVersion and CipherSuites, the server will log an error in the config file indicating which value is unrecognized, and the config file will not be loaded.
For example, this error “failed to load existing config file” was logged by the Mobility Print server just after start up. It tells us the 16th line of the tls.conf.toml file on the 604th character.
2025/10/03 10:36:11 mobility-print: STDOUT|ERROR failed to initialise tls config. error: failed to load existing config file, fields: [{"error":{"Message":"","Usage":"","Position":{"Line":16,"Start":604,"Len":1},"LastKey":"CipherSuites","Line":16},"path":"/Applications/PaperCut Mobility Print/data/config/tls.conf.toml"}] [ err=failed to load existing config file, fields: [{"error":{"Message":"","Usage":"","Position":{"Line":16,"Start":604,"Len":1},"LastKey":"CipherSuites","Line":16},"path":"/Applications/PaperCut Mobility Print/data/config/tls.conf.toml"}] ] config.go:169
If the tls.conf.toml file cannot be parsed Mobility Print will revert to the default list of cipher suites, with a preference order based on hardware performance. If a list of suites is configured, only the cipher suites listed will be used.
Comments