Symantec Protection Engine (SPE) utilizes a User Interface built on top of Oracle Java. TLS negotiation is implemented by the Java TLS libraries within the JRE. This means that Java handles the entire cipher suite negotiation entirely outside of Protection Engine itself. The following instructions provide a method to configure the Java security settings to disallow all secure connections not utilizing TLS 1.2.
(Note: Some of the supported JRE versions may not have the same features or process.)
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, MD5withRSA, DH keySize < 768
To determine if the changes have taken effect:
The expected results would be TLS 1.2 allowing the connection while 1.0 or 1.1 fail.