
Configuring TLS 1.2 for the CSP management server and Windows agent communication


Article ID: 174572


Products

Embedded Security Critical System Protection, Critical System Protection

Issue/Introduction

To meet regulatory compliance standards or enhance the security of your environment, you can configure TLS 1.2 for communication between the CSP management server and the Windows agent.
 

Environment

Windows

Resolution

Perform the following tasks to configure TLS 1.2 on the CSP management server:

  1. On the system where you have installed the management server, navigate to the CSP management server installation path.
  2. Open the /tomcat/conf folder.
  3. Navigate to the server.xml file and create a copy of it for backup.
  4. Edit the server.xml file by changing the following parameters:
    • sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" to sslEnabledProtocols="TLSv1.2" in every location where it appears.
    • sslProtocol="TLS" to sslProtocol="TLSv1.2" in every location where it appears.
  5. If required, update the ciphers as follows: ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
  6. Save the server.xml file.
  7. Restart either the Symantec Critical System Protection Manager service or the CSP management server for the changes to take effect.
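
Because step 4 must be applied in every location, a quick audit of the edited server.xml helps catch a connector that was missed. The following is an added example, not part of the original article or the product: it assumes the attributes sit on Tomcat `<Connector>` elements, uses a constructed sample file, and also reports RC4 suites, which RFC 7465 prohibits in TLS.

```python
import xml.etree.ElementTree as ET

# Constructed sample: one connector edited per the steps above, one that was
# missed, and one plain connector. Not taken from a real CSP installation.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="443" SSLEnabled="true" sslProtocol="TLSv1.2"
               sslEnabledProtocols="TLSv1.2"
               ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_RC4_128_SHA"/>
    <Connector port="4443" SSLEnabled="true" sslProtocol="TLS"
               sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"/>
    <Connector port="8081"/>
  </Service>
</Server>"""

TLS_ATTRS = ("sslEnabledProtocols", "sslProtocol", "ciphers")


def audit_connectors(xml_text):
    """Return (port, finding) pairs for every connector setting that does
    not match the TLS 1.2-only values from step 4, plus any RC4 suites."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        attrs = conn.attrib
        # Skip connectors that carry no TLS settings at all.
        if not any(name in attrs for name in TLS_ATTRS):
            continue
        port = attrs.get("port", "?")
        enabled = [p.strip() for p in attrs.get("sslEnabledProtocols", "").split(",")
                   if p.strip()]
        if enabled != ["TLSv1.2"]:
            findings.append((port, "sslEnabledProtocols=" + ",".join(enabled)))
        if attrs.get("sslProtocol") != "TLSv1.2":
            findings.append((port, "sslProtocol=" + str(attrs.get("sslProtocol"))))
        # RC4 suites are prohibited in TLS by RFC 7465; report each one found.
        for suite in (c.strip() for c in attrs.get("ciphers", "").split(",")):
            if "RC4" in suite:
                findings.append((port, "RC4 cipher " + suite))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE_SERVER_XML):
        print(f"connector {port}: {finding}")
```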