Disable SSLv3, TLSv1.1, and TLSv1.0 on Data Loss Prevention components
Configuration change
$DLPDIR is the DLP installation directory
Tunnel | File/parameter | Old value | New value | Notes |
---|---|---|---|---|
Browser <–> Enforce server | Enforce:$DLPDIR/Protect/tomcat/conf/server.xml | sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" | sslEnabledProtocols="TLSv1.2" | Recycle Vontu Manager service |
Enforce <–> Detection server | Enforce:$DLPDIR/Protect/config/MonitorController.properties and Detection:$DLPDIR/Protect/config/Communication.properties | SSLcipherSuite = TLS_RSA_WITH_AES_128_CBC_SHA | SSLcipherSuite = TLS_RSA_WITH_AES_128_CBC_SHA256 | Ensure SSLautonegotiate is set to false in both files. Recycle Vontu Monitor and Vontu Monitor Controller services |
Detection/Endpoint server <–> Endpoint agent | “EndpointCommunications.SSLCipherSuites” in Enforce Management Console (System > Servers > Overview > Server Settings) | TLS_RSA_WITH_AES_128_CBC_SHA | TLS_RSA_WITH_AES_128_CBC_SHA256 | Recycle Vontu Monitor service (Endpoint server) |
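
To confirm the file-based changes in the table before recycling the services, the following added example (not part of the original article or the product) audits the contents of server.xml and the two properties files. It assumes the properties files use `key = value` lines as shown in the table; the port numbers and sample file contents are constructed.

```python
import xml.etree.ElementTree as ET

ALLOWED_PROTOCOLS = {"TLSv1.2"}                      # new value from the table
REQUIRED_SUITE = "TLS_RSA_WITH_AES_128_CBC_SHA256"   # new value from the table

def audit_server_xml(xml_text):
    """Check sslEnabledProtocols on every TLS-enabled Tomcat <Connector>."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # e.g. curly quotes pasted from a web page
        return [f"server.xml is not well-formed: {exc}"]
    findings = []
    for conn in root.iter("Connector"):
        value = conn.get("sslEnabledProtocols")
        if value is None:
            # A TLS connector without the attribute falls back to defaults.
            if conn.get("SSLEnabled", "").lower() == "true":
                findings.append(f"port {conn.get('port')}: sslEnabledProtocols not set")
            continue
        extra = sorted({p.strip() for p in value.split(",")} - ALLOWED_PROTOCOLS - {""})
        if extra:
            findings.append(f"port {conn.get('port')}: still enables {', '.join(extra)}")
    return findings

def audit_properties(text, name):
    """Check SSLcipherSuite and SSLautonegotiate in a key=value properties file."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, val = line.partition("=")
            props[key.strip()] = val.strip()
    findings = []
    if props.get("SSLcipherSuite") != REQUIRED_SUITE:
        findings.append(f"{name}: SSLcipherSuite is {props.get('SSLcipherSuite')!r}")
    if props.get("SSLautonegotiate", "").lower() != "false":
        findings.append(f"{name}: SSLautonegotiate must be false")
    return findings

# Constructed sample inputs (not taken from a real installation).
OLD_XML = ('<Server><Service><Connector port="443" SSLEnabled="true" '
           'sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"/></Service></Server>')
NEW_XML = OLD_XML.replace("TLSv1,TLSv1.1,TLSv1.2", "TLSv1.2")
OLD_PROPS = "SSLcipherSuite = TLS_RSA_WITH_AES_128_CBC_SHA\nSSLautonegotiate = true\n"
NEW_PROPS = "SSLcipherSuite = TLS_RSA_WITH_AES_128_CBC_SHA256\nSSLautonegotiate = false\n"

if __name__ == "__main__":
    for finding in audit_server_xml(OLD_XML) + audit_properties(OLD_PROPS, "Communication.properties"):
        print("FAIL", finding)
```

The endpoint agent setting in the last row is changed in the Enforce Management Console, so this file audit does not cover it.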