This article goes over the benefits and considerations when reviewing the upgrade from previous versions of Symantec Encryption Management Server (SEMS). Broadcom recommends upgrading to the latest version of SEMS for best security.
One critical reason to upgrade to SEMS 10.5.x is all previous versions (3.4.2 and older) have entered an EOS\EOL phase. Broadcom will support only the version 10.5.x going forward and this is where all improvements will be included in.
TIP: For information on how to carry out upgrades and other technical considerations see the following article:
211876 - Technical considerations when upgrading Encryption Management Server to release 10.5
The following is a historical reference to versions of SEMS highlighting some of the improvements available for each version:
Improvements made in Symantec Encryption Management Server 10.5:
Note on versioning: In order to improve clarity between server and client related to versioning, SEMS now shares the same version as the SED client (Version 10.5). Both SED and SEMS can be referred to as the same version. Previously SEMS was on a 3.x naming convention and SED was on a 10.x naming convention. Now both server and client are referred to as SEMS/SED 10.5).
As mentioned above, Symantec Encryption Management Server has used TLS 1.0/1.1 for some features and backward compatibility for Symantec Encryption Desktop client versions 10.3.x and older or Symantec PGP Viewer application for Android devices.
DLP Data Insight integration users Symantec Encryption Management Server and TLS 1.0 must be enabled for this feature to work. For assistance on this, please contact Symantec Encryption Support.
Symantec Encryption Management Server 3.4 and Symantec Encryption Desktop 10.4 and above use TLS 1.2 as the default communications protocol. TLS 1.0 is still enabled on these newer versions of the software in order to support older client communications. Symantec Encryption Management Server 3.4.2 MP1 will be the last version to have TLS 1.0 enabled by default.
Starting with Symantec Encryption Management Server 3.4.2 MP2 and continuing with SEMS 10.5, TLS 1.0 will be disabled by default, and TLS 1.2 will be the only protocol available for secure communications.
It is still possible to configure the Symantec Encryption Management server to use TLS 1.0/1.1 for backward compatibility for Symantec Encryption Desktop 10.3.x or Android devices, and some other features. See below for the considerations as this applies to the SEMS 3.4.2 MP2 and newer during upgrades.
SEMS 10.5 will still support SED 10.3.2 clients, however, Symantec Enterprise Division strongly recommends upgrading these clients as soon as possible as 10.3.2 reached EOL July 31st, 2020.
Considerations before upgrading to Symantec Encryption Management Server 3.4.2 MP2 and newer:
Tip: For the current version of SEMS, see article 156303.
With new versions of Symantec Encryption Management Server, older versions reach the End of Life phase. For a listing of all Encryption products and their EOL dates, see article 152880.