Disable SSLv3, TLSv1.1, and TLSv1.0 on Data Loss Prevention components

November 23, 2020 | Symantec DLP Enforce

Configuration change

$DLPDIR is the DLP installation directory

| Tunnel | File/parameter | Old value | New value | Notes |
|---|---|---|---|---|
| Browser <-> Enforce server | Enforce: $DLPDIR/Protect/tomcat/conf/server.xml | sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" | sslEnabledProtocols="TLSv1.2" | Recycle Vontu Manager service |
| Enforce <-> Detection server | Enforce: $DLPDIR/Protect/config/MonitorController.properties and Detection: $DLPDIR/Protect/config/Communication.properties | SSLcipherSuite = TLS_RSA_WITH_AES_128_CBC_SHA | SSLcipherSuite = TLS_RSA_WITH_AES_128_CBC_SHA256 | Ensure SSLautonegotiate is set to false in both files. Recycle Vontu Monitor and Vontu Monitor Controller services |
| Detection/Endpoint server <-> Endpoint agent | "EndpointCommunications.SSLCipherSuites" in Enforce Management Console (System > Servers > Overview > Server Settings) | TLS_RSA_WITH_AES_128_CBC_SHA | TLS_RSA_WITH_AES_128_CBC_SHA256 | Recycle Vontu Monitor service (Endpoint server) |
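
A file-level check for the settings listed above, as an added example that is not part of the original article or of Symantec's tooling. It assumes `DLPDIR` is exported, that the properties files use `key = value` lines, and that a missing or differently valued setting should be reported as a failure; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Symantec code): audit the TLS settings from the table.
# Assumption: properties use "key = value"; function names are hypothetical.

# Succeeds only if server.xml sets sslEnabledProtocols and every
# occurrence is exactly "TLSv1.2". A missing attribute fails closed.
check_tomcat_protocols() {
    vals=$(tr "'" '"' < "$1" | grep -o 'sslEnabledProtocols="[^"]*"') || return 1
    if printf '%s\n' "$vals" | grep -qv '^sslEnabledProtocols="TLSv1\.2"$'; then
        return 1
    fi
    return 0
}

# Prints the value of property $1 in file $2 (last definition wins, CRLF-safe).
prop_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*[=:][[:space:]]*//p" "$2" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# Succeeds only if the file pins the SHA256 suite and disables autonegotiation.
check_cipher_props() {
    [ "$(prop_value SSLcipherSuite "$1")" = "TLS_RSA_WITH_AES_128_CBC_SHA256" ] &&
        [ "$(prop_value SSLautonegotiate "$1")" = "false" ]
}

# Audits whichever of the three files exist under installation directory $1.
audit_dlp() {
    rc=0
    f="$1/Protect/tomcat/conf/server.xml"
    if [ -f "$f" ] && ! check_tomcat_protocols "$f"; then
        echo "FAIL $f: sslEnabledProtocols must be TLSv1.2 only"; rc=1
    fi
    for p in MonitorController.properties Communication.properties; do
        f="$1/Protect/config/$p"
        if [ -f "$f" ] && ! check_cipher_props "$f"; then
            echo "FAIL $f: check SSLcipherSuite and SSLautonegotiate"; rc=1
        fi
    done
    return $rc
}

if [ -n "${DLPDIR:-}" ]; then audit_dlp "$DLPDIR"; fi
```

The `EndpointCommunications.SSLCipherSuites` value is set in the Enforce Management Console rather than in a file, so this script does not cover it. A commented-out connector in `server.xml` that still lists the old protocols is also reported, since the check matches text rather than parsing XML.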