How Can We Help?

Search for answers or browse our knowledge base.

Documentation | Demos | Support

< All Topics

Disable SSLv3, TLSv1.1, and TLSv1.0 on Data Loss Prevention components

Configuration change

$DLPDIR is the DLP installation directory

TunnelFile/parameterOld valueNew valueNotes
Browser <–> Enforce serverEnforce:$DLPDIR/Protect/tomcat/conf/server.xmlsslEnabledProtocols=”TLSv1,TLSv1.1,TLSv1.2″sslEnabledProtocols=”TLSv1.2″Recycle Vontu Manager service
Enforce <–> Detection serverEnforce:$DLPDIR/Protect/config/ andDetection:$DLPDIR/Protect/config/Communication.propertiesSSLcipherSuite = TLS_RSA_WITH_AES_128_CBC_SHASSLcipherSuite = TLS_RSA_WITH_AES_128_CBC_SHA256Ensure SSLautonegotiate is set to false in both files.
Recycle Vontu Monitor and Vontu Monitor Controller services
Detection/Endpoint server <–> Endpoint agent“EndpointCommunications.SSLCipherSuites” in Enforce Management Console (System > Servers > Overview > Server Settings)TLS_RSA_WITH_AES_128_CBC_SHATLS_RSA_WITH_AES_128_CBC_SHA256Recycle Vontu Monitor service (Endpoint server) 
Was this article helpful?
2.8 out of 5 stars
5 Stars 50%
4 Stars 0%
3 Stars 0%
2 Stars 0%
1 Stars 50%
How can we improve this article?
Please submit the reason for your vote so that we can improve the article.
Table of Contents