If TLS 1.0/1.1 is disabled on SMP Server, the Symantec Management Agent (SMA) fails to register after it has been installed using AeXNSC.exe.
Working fine with AeXNSHTTP(s).exe packages.
Steps To Reproduce:
After registration agent can switch to TLS1.2
When aexnsc.exe does not have a connection profile to use then it uses the default hardcoded profile where TLS 1.1/1.2 are OFF. That has been done on purpose because at a time enabling TLS 1.1/1.2 without proper enablement on the server could cause the connection to fail on some OS-es.
In 8.5 RU4 you can pass aexnsc.xml to aexnsc.exe, aexnsc.xml is now part of the client installation package. That is the same aexnsc.xml that can be found inside aexnschttp.exe
ITMS 8.1, 8.5
This issue has been fixed with our ITMS 8.6 Release. We enabled all TLS versions by default in 8.6.
TLS 1.0, 1.1 and 1.2 are now enabled on OS-es starting with Win7
TLS 1.0 is enabled on XP/2003/Vista/2008. TLS 1.1 and 1.2 are not supported there.