HOWTO - Configure Symantec Protection Engine (SPE) 7.5.x User Interface to allow only connections secured by TLS 1.2.


Article ID: 178893


Products

Protection Engine for Cloud Services, Protection Engine for NAS

Issue/Introduction

Resolution

Symantec Protection Engine (SPE) uses a User Interface built on top of Oracle Java. The following instructions configure the Java security settings to disallow all secure connections that do not use TLS 1.2.

(Note: This process was tested with the latest version of Java 8. Older versions may not have the same features.)

  1. Locate the Java installation path.
  2. Within the Java installation path, navigate to /lib/security (Linux) or \lib\security (Windows).
  3. Edit the following line within "java.security":

    jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768

  4. Change to:

    jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, MD5withRSA, DH keySize < 768

  5. Save the changes to the file.
  6. Restart the server.

To determine if the changes have taken effect:

  1. Open your preferred web browser.
  2. Configure the web browser to explicitly use TLS 1.2 only. Close and reopen the browser.
  3. Test the connection to the Symantec Protection Engine User Interface.
  4. Repeat the test with the browser explicitly set to TLS 1.0 only or TLS 1.1 only.

Expected result: the connection succeeds with TLS 1.2 and fails with TLS 1.0 or TLS 1.1.
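The browser test shows the behaviour on the wire; the edit itself can also be checked in the file. The following is an added example, not Symantec's code: a small Python check (function names are hypothetical) that parses "java.security" as a Java properties file, joins backslash-continued lines, and lists which of SSLv3, TLSv1 and TLSv1.1 are still missing from jdk.tls.disabledAlgorithms. The sample strings are constructed from the two lines shown in the steps above.

```python
# Added example: check jdk.tls.disabledAlgorithms in a java.security file.
REQUIRED = ("SSLv3", "TLSv1", "TLSv1.1")  # protocols the article disables
KEY = "jdk.tls.disabledAlgorithms"

def logical_lines(text):
    """Yield property lines, skipping comments and joining '\\' continuations."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not buf and (not line or line[0] in "#!"):
            continue  # blank line or comment outside a continued value
        if line.endswith("\\"):
            buf += line[:-1]  # value continues on the next physical line
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf

def disabled_algorithms(text):
    """Return the entries of the property (last definition wins), or None."""
    entries = None
    for line in logical_lines(text):
        name, sep, value = line.partition("=")
        if sep and name.strip() == KEY:
            entries = [e.strip() for e in value.split(",") if e.strip()]
    return entries

def missing_protocols(text):
    """Protocols from REQUIRED that the file does not disable.
    Entries are compared exactly, so 'TLSv1.1' does not count as 'TLSv1'."""
    entries = disabled_algorithms(text) or []
    return [p for p in REQUIRED if p not in entries]

# Constructed samples: the property before and after the edit in the article.
BEFORE = "jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768\n"
AFTER = ("# constructed sample using a continuation line\n"
         "jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, \\\n"
         "    MD5withRSA, DH keySize < 768\n")

if __name__ == "__main__":
    import sys
    # Pass the path to java.security as the first argument.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else BEFORE
    gaps = missing_protocols(text)
    print("OK: SSLv3, TLSv1 and TLSv1.1 are disabled" if not gaps
          else "Not disabled: " + ", ".join(gaps))
```

A clean result only confirms the file content; the Java process must still be restarted and must be using this Java installation for the setting to apply.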