Arindam Bhadra: TLS Configuration

Thursday, October 16, 2025

ONVIF Ending Support for Profile S

ONVIF Ending Support for Profile S

A commonly asked question is “what is ONVIF protocol?” This question confuses two different concepts: a standard and a protocol. ONVIF is a security standard, whereas RTSP — a key element of video and audio streaming — is a protocol.

For the avoidance of doubt, “ONVIF protocol” is an incorrect term, because it is a standard. The ONVIF standards are defined by several manufacturers in the video security industry, including Pelco, enabling products across brands to work together and interface seamlessly. This standard determines how a protocol like RTSP will work.

RTSP stands for Real Time Streaming Protocol. It controls video and audio transmission between two endpoints, and enables it to happen with minimal latency (delay) over an internet connection. ONVIF IP cameras use a specific standard (known as a profile) to stream video and audio. In doing so, the standard defines certain rules about how RTSP should work and which ONVIF specifications it should follow.

Over a larger ONVIF security camera system, this means that all devices are using the same streaming protocol to transmit video to network recording devices, which are primed to receive it in that specific format.

ONVIF stands for Open Network Video Interface Forum. Its aim is to provide a standard for the interface between different IP-based physical security devices. In simple terms, ONVIF specifications provide a consistent way for devices from multiple manufacturers to work together, where previously they would not have been able to. These standardized ONVIF specifications are like a common language that all devices can use to communicate.

The end user benefits from this interoperability because they are no longer tied to a single brand for everything to work; now, a business can use several different brands’ systems, with a single standard to communicate. Want to use the best ONVIF camera from Brand A, but you also want Brand B’s ONVIF IP cameras, and Brand C’s ONVIF NVR? No problem — because the ONVIF standard enables them all to work together.

ONVIF is ending support for Profile S on March 31, 2027. Profile S, which was introduced in 2011, specifies authentication methods that are no longer aligned with current cybersecurity standards.

“After 14 years, Profile S has served its purpose of enabling basic video streaming interoperability for more than 33,000 conformant devices and clients from different vendors,” said Leo Levit, Chairman of the ONVIF Steering Committee. “As ONVIF profiles do not change to preserve the interoperability of conformant products, we recognize the need to phase it out in line with today’s security recommendations.”

ONVIF recommends the use of Profile T as a replacement for Profile S. Launched in 2018, Profile T includes virtually all Profile S features plus advanced video surveillance capabilities. End users can still use Profile S for basic video streaming between Profile S conformant devices and clients, but for security reasons, ONVIF strongly encourages customers to discontinue the use of the username token authentication method and choose instead more secure authentication mechanisms like digest authentication supported in Profile T or through TLS (HTTPS mode).

Cybersecurity Best Practices for IP-based Physical Security Products

ONVIF recommends following local regulations, industry best practices, and staying on top of updates from the marketplace. ONVIF has outlined a general, non-exhaustive set of recommendations for best practices within cybersecurity. The recommendations should not be considered as the only source or guideline to combat cybersecurity threats.

In addition to the recommendations, ONVIF supports TLS (Transport Layer Security), a secure communication protocol that allows ONVIF devices with that feature to communicate with clients across a network in a way that protects against tampering and eavesdropping.

Profile S Conformant Products
After March 31, 2027, it will not be possible for manufacturers to submit new products or older products with new firmware/software versions for Profile S conformance. Products that have already achieved Profile S conformance will always remain conformant for the specified firmware version and date of conformance. Profile S conformant products will continue to be searchable in the ONVIF conformant products database.

ONVIF conformant products and is the authoritative source for determining whether or not a product is officially ONVIF conformant and supports one or multiple ONVIF profiles. A product is registered in the database after it successfully passes the relevant ONVIF test tool and all the necessary documents have been submitted to ONVIF by the member manufacturer. Conformance is tied to a product’s specific firmware/software version and is valid indefinitely for the specific firmware/software version of that product. To ensure an existing product is conformant, the product’s firmware/software version must match the version listed for the product in the database. ONVIF releases new device and client test tools twice a year (June and December), and each test tool version is valid until a new version is released, plus a further grace period of about three months. For more information, see the Conformance FAQ page.

Note that products may use ONVIF specifications, but they may not claim to be ONVIF conformant without completing the ONVIF Conformance Process. Only ONVIF members can claim conformance, but ONVIF membership alone does not guarantee that products sold by members are ONVIF conformant.

TLS Configuration Add-on

As ONVIF adapts to new cybersecurity requirements, the specifications of the current ONVIF TLS Configuration Add-on will also be upgraded at the end of 2026. Unlike profiles, add-ons are adaptable to changing technology/specification requirements due to version handling.