In Data Loss Prevention Web Prevent, the new integrated Secure ICAP feature does not work in FIPS 140-2 mode. The Secure ICAP connection cannot be established.
Data Loss Prevention versions 15.1+
This issue may arise due to a bug in the FIPS 140-2 validated cryptographic library that causes the TLS handshake to fail. The FileReader log file (FileReaderX.log, where X increases sequentially starting at 0) may contain either of the following entries:
Or
Disable elliptic-curve cryptography by adding it to the list of disabled algorithms (the jdk.tls.disabledAlgorithms property) in the java.security configuration file. Follow these steps:
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, DES40_CBC, RC4_40
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \
EC, DES40_CBC, RC4_40
DLP_INSTALL_DIR is the home directory of the DLP installation, typically “C:\Program Files\Symantec\Data Loss Prevention” for Windows installations and “/opt/Symantec/DataLossPrevention” for Linux installations.
JRE_VERSION is typically the version of the JRE bundled with the product, for example 1.8.0_162.
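To confirm that the edit took effect, the check below parses java.security text, joins the backslash-continued jdk.tls.disabledAlgorithms value, and reports whether EC is disabled outright rather than only constrained by key size. It is an added example, not code from the product or the vendor; the function names are hypothetical, the sample text is constructed from the two property values shown above, and it assumes the key=value form used on this page.

```python
import re

PROP = "jdk.tls.disabledAlgorithms"

# Constructed sample: the two property values shown on this page.
BEFORE = ("jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \\\n"
          "    EC keySize < 224, DES40_CBC, RC4_40\n")
AFTER = BEFORE.replace("EC keySize < 224", "EC")

def read_property(text, name=PROP):
    """Return the effective value of `name` (last definition wins), or None."""
    value = None
    lines = iter(text.splitlines())
    for line in lines:
        stripped = line.strip()
        if stripped.startswith(("#", "!")):
            continue  # commented-out definitions do not count
        key, sep, rest = stripped.partition("=")
        if not sep or key.strip() != name:
            continue
        parts = [rest.strip()]
        while parts[-1].endswith("\\"):  # backslash continues onto the next line
            parts[-1] = parts[-1][:-1].rstrip()
            parts.append(next(lines, "").strip())
        value = " ".join(p for p in parts if p)
    return value

def entries(value):
    return [e.strip() for e in value.split(",") if e.strip()]

def ec_fully_disabled(text):
    """True only when a bare 'EC' entry is present, not just 'EC keySize < N'."""
    value = read_property(text)
    return value is not None and "EC" in entries(value)

def disable_ec(value):
    """Turn any 'EC keySize ...' constraint into bare 'EC'; append 'EC' if absent."""
    out = []
    for entry in entries(value):
        if re.fullmatch(r"EC(\s+keySize\b.*)?", entry):
            entry = "EC"
        if entry not in out:
            out.append(entry)
    if "EC" not in out:
        out.append("EC")
    return ", ".join(out)

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, "EC fully disabled:", ec_fully_disabled(text))
    print("rewritten:", disable_ec(read_property(BEFORE)))
```

Pass the contents of the java.security file you edited to ec_fully_disabled(); a False result means the property still carries only the key-size constraint or is commented out.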