Roon Security update 31 May [Update Complete]

Just received your security update email. I use a windows 8 PC as one of my controllers [I also use a Mac and an iPad in other locations] and a nucleus plus as my core and I’m not clear whether I need to take any action

I received the mail, but date is different. It says “On the 31st of May, we will be performing a security update to ensure that Roon continues to run smoothly and securely; this update will prevent operating systems limited to TLS 1.0 or 1.1 from accessing Roon’s cloud services.”

I am using a win7 machine as roon server. It will cease to function by said date. I think I’ll have to install Linux on that machine. I came here to see which flavor of Linux is preferred by the community. Any ideas? It is an i5 laptop.

Yes, that’s the one. Sent/received on April 30

This is how to check what version of TLS you have:

Load a web page in a browser, right click the page or select the Page drop-down menu, and select Properties. In the new window, look for the Connection section. This will describe the version of TLS or SSL used.


I’ll give others a chance to weigh in on their favorite flavors of Linux, but if you’re up for it, this isn’t a bad opportunity to switch to Nucleus or ROCK!


You can install windows 10 as the (cough) free upgrade still works. That is if you want to run windows 10 of course

Though if you have another machine to run the interface then Rock works great (if it will run on that machine)

1 Like

I’m already on nucleus plus. Does this mean I can continue to use my windows 8 PC as one of my controllers along with a Mac and an iPad in other rooms?

Your Mac and iPad will continue to work just fine, but it’s likely that your Windows 8 PC will be affected. The simplest and safest path forward is to install Windows 10, but you can also try updating TLS with the instructions in this article.

The email I received appear to indicate that migrating to nucleus core is an alternative to updating to windows 10:

To continue using Roon from May 31, your operating systems must support TLS 1.2 at a minimum. It may be possible to update TLS under Windows 7 and 8 following the instructions in articles like this…Alternatively, you could upgrade your operating system to Windows 10 to remain secure, or migrate to a new Roon Core device with these instructions: Roon Core Migration

The email seems to presume that you are using Windows on a Core whereas @kevin’s response indicates the issue also arises where Windows is on a Remote (meaning a PC that points to a Core on another computer).

With an affected Remote you will need to upgrade either the version of TLS or to Windows 10. Migrating to a Nucleus or NUC/ROCK relates only to Cores.

I’m using Ubuntu 20.04 LTS (Long Term Support) aka Focal Fossa, which was a pretty simple installation. You can find other online guides and videos about installing it alongside Windows. This runs Roon Server quite happily. Use the Easy Installer instructions here.

I am also using Jussi Laako’s low latency native DSD kernel published here but that is very much an optional extra for those who want to delve deeper into Linux.

In case you are wondering about the Ubuntu version names they follow an [adjective][animal] form because:

So, what’s with the “Funky Fairy” naming system?
Many sensible people have wondered why we chose this naming scheme. It came about as a joke on a ferry between Circular Quay and somewhere else, in Sydney, Australia:
lifeless: how long before we make a first release?
sabdfl: it would need to be punchy. six months max.
lifeless: six months! thats not a lot of time for polish.
sabdfl: so we’ll have to nickname it the warty warthog release.

And voila, the name stuck. The first mailing list for the Ubuntu team was called “warthogs”, and we used to hang out on #warthogs on For subsequent releases we wanted to stick with the “hog” names, so we had Hoary Hedgehog, and Grumpy Groundhog. But “Grumpy” just didn’t sound right, for a release that was looking really good, and had fantastic community participation. So we looked around and came up with “Breezy Badger”. We will still use “Grumpy Groundhog”, but those plans are still a surprise to be announced… For those of you who think the chosen names could be improved, you might be relieved to know that the “Breezy Badger” was originally going to be the “Bendy Badger” (I still think that rocked). There were others… For all of our sanity we are going to try to keep these names alphabetical after Breezy. We might skip a few letters, and we’ll have to wrap eventually. But the naming convention is here for a while longer, at least. The possibilities are endless. Gregarious Gnu? Antsy Aardvark? Phlegmatic Pheasant? You send 'em, we’ll consider 'em.

1 Like

Im somewhat stuck using Windows 7 as the operating system as we are using windows mediacenter throughout the house for satellite tv. But I’m glad to see using the method above that the standard Internet Explorer browser already supports TLS 1.2, so I assume Ill have no issue continue running Roon on that server, right?

The Digitimber page referred to in the email does not mention Windows 8.1 being affected. Nor are there any windows patches (KB3140245) for Windows 8.1 or Windows 8 (other than the embedded version of 8).

I’ve checked Internet Explorer on my old NUC PC that’s running Windows 8.1 and it transfers pages over TLS 1.2. Patch KB3140245 hasn’t been installed on this machine either. Perhaps 8.1 shipped with TLS 1.2, or the update was included in some other patch.

So, it seems that if you’re running Windows 8.1, and possibly Windows 8, you shouldn’t have to do anything.

roonlabs, please confirm whether Windows 8 must be updated, and clarify your email to users if needs be:

It may be possible to update TLS under Windows 7 and 8 following the instructions in articles like this one.

On the other hand, if

  • you’re running Windows 7;
  • Windows 8.1 has TLS 1.2 out of the box or by some other patch;
  • your machine is too old or slow to run Windows 10; and
  • you can find installation media for Windows 8.1,

you could update an old Windows 7 PC to 8.1 instead.

Does this problem affect non-TLS 1.2 versions of windows that are only serving as endpoints with roon bridge? Or as remotes with roon remote? Or is it only roon core that talks to your services?

It is worth pointing out that if you use Roon Server then an alternative OS such as flavours of Linux or ROCK will have the same functionality. But if you use the full Roon desktop variety for control purposes then Linux and ROCK cannot offer you that. Windows 10 is then your best option unless the suggested TLS updates work for you.


Is it ok to check for the required TLS 1.2 support here?

Yes SSL Labs run a good browser and server testing service. We test all our sites through them

No it won’t, win7 still supports TLS 1.2 as long as you kept it updated and apply the easy fix.

You can set your win7 OS to use TLS 1.2 by default so it won’t have any conflicts with Roon cloud servers

1 Like

Focal fossa? I am a doctor, so this is more like an anatomical term :slight_smile: What kind of an animal is a fossa?
My laptop is not young, Ubuntu may be a bit fancy. I am thinking of Linux Mint for it. Can I use Xfce flavor?

I am running two laptops in my Roon setup with Win7. One is for core, other one in other room as an endpoint. I’ll try the fix on the endpoint, but I will upgrade the os on core machine. I am not a big fan of windows, so I am willing to switch. Nice opportunity to learn new stuff. Thank you.