Error releasing messages from Messaging Gateway quarantine from the DLP Enforce console after upgrade to 10.6.3

Article Id: 169867

Status: Published

Updated On: 24-07-2017 15:17

Legacy Id: TECH247088

Products:

Messaging Gateway

Issue/Introduction:

After upgrading to Messaging Gateway (SMG) to version 10.6.3 you get an SSL error when trying to release messages from the SMG quarantine from the DLP console.

In the tomcat log,

20 Jul 2017 09:15:01,401- Thread: 161 SEVERE [com.symantec.dlpx.flexresponse.emailquarantineconnect.EmailQuarantineConnectPlugin] javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

Cause:

This is due to a change in ciphers that are accepted by SMG 10.6.3. SMG 10.6.3 requires TLS 1.2 ciphers and does not allow failover to TLS 1.0

Resolution:

Change the configuration files for flex response to use TLS version 1.2 in the following three files:

EmailQuarantineConnectApproved.properties
EmailQuarantineConnectCustom.properties
EmailQuarantineConnectRejected.properties

(NOTE: These files are located in <drive>:\SymantecDLP\Protect\plugins)

The setting "ssl-protocol-version = TLSv1" should be changed to "ssl-protocol-version = TLSv1.2"

Save the files and restart the Vontu Manager service.