I am an IT engineer and I did a security audit on our Company infrastructure, which includes a Xerox WorkCentre 6515.
I updated the firmware of our WorkCentre 6515 to the latest available one (65.65.51, PL7-R3).
We also updated our webserver software that handles Company mail during the last week and it is fully operating.
I have noticed that the printer would not connect anymore to our SMTP server (postfix/SMTPD) using STARTTLS on port 587 to deliver scans to our network.
The issue is that when enabling "modern" TLS protocols and ciphers and discarding weak ciphers (TLS 1.0 and 1.1 cipher suites as well as some TLS 1.2 TLS_RSA ciphers) in our SMTP webserver, the printer would not connect anymore to our smtp server (Xerox error 017-714 Smtp over ssl failed).
The WorkCentre is set to use only TLS 1.2 (but I also tried checking both TLS 1.0 and 1.1).
I noticed these failures in our SMTP server log:
postfix/smtp: SSL_accept error from XXX
postfix/smtp: lost connection after STARTTLS from XXX
postfix/smtp: disconnect from XXX
Reenabling these cipher suites, by selecting "old" in the TLS compatibility setting of our webserver, was the key to restart the mail functionality of the printer.
This is a security issue, as these ciphers are known to be weak and cannot be utilized in a modern IT environment. I expected the newest firmware (February 2021) of the WorkCentre 6515 to be up-to-date regarding the security, but it seems this is not the case.
We have temporarily suspended the mail functionality of our WorkCentres until the issue is solved.
Thank you for using the Support Forum. Looks like you have tried all your options. Please consider submitting a Product Security Information Request to get further information and report your concerns. They may be able to provide you more information. Additionally you can consider contacting your support centre for further assistance.
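The failure pattern in the question's log excerpt can be inventoried before a server drops its "old" TLS profile. The following is an added example, not part of either forum post and not Xerox or Postfix code. It assumes Postfix logs with `smtpd_tls_loglevel = 1`, and the sample lines, host names, addresses and negotiated ciphers are constructed placeholders.

```python
import re
from collections import defaultdict

# Constructed sample lines in Postfix smtpd log style (smtpd_tls_loglevel = 1);
# hosts, addresses and ciphers are placeholders, not taken from the thread.
SAMPLE_LOG = """\
Mar  1 09:00:01 mx postfix/smtpd[811]: Anonymous TLS connection established from printer[192.0.2.10]: TLSv1.2 with cipher AES256-SHA (256/256 bits)
Mar  1 09:05:12 mx postfix/smtpd[812]: Anonymous TLS connection established from laptop[192.0.2.20]: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
Mar  1 09:07:40 mx postfix/smtpd[813]: Anonymous TLS connection established from scanner[192.0.2.30]: TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)
Mar  2 10:00:03 mx postfix/smtpd[900]: SSL_accept error from printer[192.0.2.10]: -1
Mar  2 10:00:03 mx postfix/smtpd[900]: lost connection after STARTTLS from printer[192.0.2.10]
"""

ESTABLISHED = re.compile(r"TLS connection established from (\S+): (\S+) with cipher (\S+)")
ACCEPT_ERR = re.compile(r"SSL_accept error from (\S+)")
LOST = re.compile(r"lost connection after STARTTLS from (\S+)")
OLD_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}

def is_legacy(protocol, cipher):
    """True for pre-1.2 protocols or TLS 1.2 suites without (EC)DHE key exchange."""
    if protocol in OLD_PROTOCOLS:
        return True
    if protocol == "TLSv1.3":
        return False
    return not cipher.startswith(("ECDHE-", "DHE-"))

def audit(log_text):
    """Return {client: {"legacy": set of (protocol, cipher), "failed": count}}."""
    report = defaultdict(lambda: {"legacy": set(), "failed": 0})
    accept_errors = set()
    for line in log_text.splitlines():
        if m := ESTABLISHED.search(line):
            client, proto, cipher = m.groups()
            if is_legacy(proto, cipher):
                report[client]["legacy"].add((proto, cipher))
        elif m := ACCEPT_ERR.search(line):
            accept_errors.add(m.group(1).rstrip(":"))
        elif m := LOST.search(line):
            # Count only drops that follow an SSL_accept error for the same client.
            if m.group(1) in accept_errors:
                accept_errors.discard(m.group(1))
                report[m.group(1)]["failed"] += 1
    return dict(report)

if __name__ == "__main__":
    for client, info in audit(SAMPLE_LOG).items():
        print(client, sorted(info["legacy"]), "handshake failures:", info["failed"])
```

Run against logs collected while the legacy profile is still enabled, the `legacy` set shows which devices will stop delivering mail once those suites are removed; the `failed` count confirms it afterwards.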