The Messaging Gateway mail service and the Control Center web application need to be configured to only allow the latest version of the Transport Layer Security (TLS) protocol.
Messaging Gateway later than 10.6.5
SSLv3/TLS 1.0/TLS 1.1 are no longer considered to be secure.
The PCI DSS standard is TLS 1.2 as of 30 June 2018, which is the version recommended by Symantec. As of the writing of this article, TLS 1.3 is not supported by SMG, but is on the roadmap for inclusion in a future version.
To restrict the TLS version used to secure SMTP email, the SSL Restrictions will need to be set in the SMG Control Center. This is a global setting and affects all SMG scanners managed by the Control Center GUI.
To restrict the TLS version allowed for HTTPS connections to the SMG Control Center web application, please
cc-config set-min-tls-level [--tls10|--tls11|--tls12]
cc-config set-min-tls-level --tls11
will allow TLS 1.2 and 1.1 to be used