How Can We Help?

Search for answers or browse our knowledge base.

Documentation | Demos | Support

< All Topics

Disable SSLv3, TLSv1.1, and TLSv1.0 on Data Loss Prevention components

Configuration change

$DLPDIR is the DLP installation directory

TunnelFile/parameterOld valueNew valueNotes
Browser <–> Enforce serverEnforce:$DLPDIR/Protect/tomcat/conf/server.xmlsslEnabledProtocols=”TLSv1,TLSv1.1,TLSv1.2″sslEnabledProtocols=”TLSv1.2″Recycle Vontu Manager service
Enforce <–> Detection serverEnforce:$DLPDIR/Protect/config/ andDetection:$DLPDIR/Protect/config/Communication.propertiesSSLcipherSuite = TLS_RSA_WITH_AES_128_CBC_SHASSLcipherSuite = TLS_RSA_WITH_AES_128_CBC_SHA256Ensure SSLautonegotiate is set to false in both files.
Recycle Vontu Monitor and Vontu Monitor Controller services
Detection/Endpoint server <–> Endpoint agent“EndpointCommunications.SSLCipherSuites” in Enforce Management Console (System > Servers > Overview > Server Settings)TLS_RSA_WITH_AES_128_CBC_SHATLS_RSA_WITH_AES_128_CBC_SHA256Recycle Vontu Monitor service (Endpoint server) 
Was this article helpful?
2.8 out of 5 stars
5 Stars 50%
4 Stars 0%
3 Stars 0%
2 Stars 0%
1 Stars 50%
How can we improve this article?
Please submit the reason for your vote so that we can improve the article.
Previous Default ports used by Symantec DLP
Next fixing Enforce Server migration fail for three-tier environments due to “DatabaseProcessCheck”
Table of Contents