HOWTO - Configure Symantec Protection Engine (SPE) 7.5.x User Interface to allow only connections secured by TLS 1.2.


Article ID: 178893


Updated On:


Protection Engine for Cloud Services Protection Engine for NAS




Symantec Protection Engine (SPE) utilizes a User Interface built on top of Oracle Java.  The following instructions provide a method to configure the Java security settings to disallow all secure connections not utilizing TLS 1.2.

(Note:  This process was tested utilizing the latest version of Java 8.  Older versions may not have the same features.)

  1. Locate the Java installation path.
  2. Within the Java installation path navigate to /lib/security (linux) or \lib\security (windows)
  3. Edit the following line within ""   jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768
  4. Change to:

    jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, MD5withRSA, DH keySize < 768

  5. Save the changes to the file.
  6. Restart the server.


To determine if the changes have taken effect:

  1. Open your preferred web browser.
  2. Configure web browser to explicitly utilize TLS 1.2 only.  Close/Reopen browser.
  3. Test connection to Symantec Protection Engine User Interface.
  4. Repeat test by explicitly defining TLS 1.0 or TLS 1.1 only.

The expected results would be TLS 1.2 allowing the connection while 1.0 or 1.1 fail.