This article goes over the benefits and considerations when reviewing the upgrade from previous versions of PGP Encryption Server (Symantec Encryption Management Server).
Broadcom recommends upgrading to the latest version of PGP Encryption Server for best security.
An important consideration to upgrade to PGP Encryption Server 10.5.1 MP2 or PGP Encryption Server version 11 (the latest release) is that all legacy versions of the legacy PGP Server version 3.4.2 and older have now entered an EOS phase. To continue to receive support for your Encryption products, upgrade to the latest versions of the PGP Encryption software that you can accommodate.
Broadcom will support only the version 10.5.0 and above going forward, and this is where all improvements will be included in.
TIP: For information on how to carry out upgrades and other technical considerations see the following article:
211876 - Technical considerations when upgrading Encryption Management Server to release 10.5
Improvements made in PGP Encryption Server 11.0.1:
Improvements made in PGP Encryption Server 11.0.0 GA:
Symantec Encryption recommends staying on top of the updates for best security. For a detailed list of all additions, see the Release Notes.
Improvements made in PGP Encryption Server 10.5:
Note on versioning: In order to improve clarity between server and client related to versioning, PGP now shares the same version as the SED client (Version 10.5 and above). Both PGP client and Server can be referred to as the same version. Previously, PGP 3.4.2 Server was on a 3.x naming convention and the PGP Client was on a 10.x naming convention. Now both server and client are referred to as version 10.5 and beyond).
As mentioned above, PGP Encryption Server has used TLS 1.0/1.1 for some features and backward compatibility for Symantec Encryption Desktop client versions 10.3.x and older or Symantec PGP Viewer application for Android devices.
DLP Data Insight integration users PGP Encryption Server and TLS 1.0 must be enabled for this feature to work. For assistance on this, please contact Symantec Encryption Support.
PGP Encryption Server 3.4 and PGP Encryption Desktop client 10.4 and above use TLS 1.2 as the default communications protocol. TLS 1.0 is still enabled on these newer versions of the software in order to support older client communications. PGP Encryption Server 3.4.2 MP1 will be the last version to have TLS 1.0 enabled by default.
Starting with PGP Encryption Server 3.4.2 MP2 and continuing with PGP Client 10.5, TLS 1.0 will be disabled by default, and TLS 1.2 will be the only protocol available for secure communications (PGP version 11 uses TLS 1.2 by default and other TLS operations can use TLS 1.3).
It is still possible to configure the PGP Encryption server to use TLS 1.0/1.1 for backward compatibility for the PGP Encryption Desktop 10.3.x client or Android devices, and some other features . See below for the considerations as this applies to the PGP 3.4.2 MP2 and newer during upgrades.
PGP 10.5 will still support PGP 10.3.2 clients, however, 10.3.2 is no longer supported and reached End of Service July 31st, 2020. At this point, you do want to move on to the newer version that is currently supported.
The following is a historical reference to versions of PGP highlighting some of the improvements available for each version:
Considerations before upgrading to Symantec Encryption Management Server 3.4.2 MP2 and newer:
Tip: For the current version of PGP, see article 156303.
With new versions of Symantec Encryption Management Server, older versions reach the End of Service phase, which means the version is no longer supported, and we recommend upgrading to the new version that is currently supported. For a listing of all Encryption products and their End of Service dates, see article 152880.
211876 - Technical considerations when upgrading Encryption Management Server to release 10.5
150915 - PGP Encryption Server Benefits and Considerations for upgrading to version 10.5
157080 - Pictured Installation Guide for Symantec Encryption Management Server (PGP Server)
153588 - Restore Backup files to the PGP Encryption Server (Symantec Encryption Management Server)
180749 - Upgrading PGP Encryption Server using a *.pup file (Symantec Encryption Management Server)
153318 - Restoring Encryption Management Server Backups larger than 2GB
197045 - Custom scripts are moved when upgrading to Encryption Management Server 10.5