How to disable DH ciphers that are 1024 bit in keysize

Article ID: 262400

Updated On:

Products

Data Loss Prevention

Issue/Introduction

A vulnerability scanner reports that DLP is accepting weak TLS cipher suites: Diffie-Hellman (DHE) key exchange with 1024-bit parameters.

Resolution

You can disable these ciphers within Java by modifying java.security in <java install dir>\lib\security. (That is the Java 8 layout, which is what the DLP-bundled JRE uses; a Java 9 or later JDK keeps the same file under <java install dir>\conf\security instead.) The jdk.tls.disabledAlgorithms property in that file is read by JSSE at startup, so the change takes effect only after the Java process is restarted.

  • First locate the JRE that DLP is running under. Every DLP component runs on Java, so the path depends on the server role; for example, on an OCR server it is by default C:\SymantecDLPOCR\jre\lib\security.
  • Open the java.security file from <java install dir>\lib\security with a text editor (take a backup copy first).
  • Find the 'jdk.tls.disabledAlgorithms=' line and add the following DHE cipher suites to its value. Entries are comma-separated, and a trailing backslash continues the value on the next line:
    • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
      TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
      TLS_DHE_RSA_WITH_AES_256_CBC_SHA,   
      TLS_DHE_DSS_WITH_AES_256_CBC_SHA,   
      TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
      TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
      TLS_DHE_RSA_WITH_AES_128_CBC_SHA,   
      TLS_DHE_DSS_WITH_AES_128_CBC_SHA,   
      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
      TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
      TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
  • Also add DH keySize < 2048 to the same list, or raise the limit if a DH keySize < N entry already exists (the stock Java 8 file carries a lower threshold). This constraint makes the JRE reject any Diffie-Hellman parameters shorter than 2048 bits, whereas the suite names above switch off DHE key exchange altogether; this article applies both.
  • For example, the finished line could look like this:
    • jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 2048, \
          EC keySize < 224, 3DES_EDE_CBC, anon, DHE-RSA-AES256-GCM-SHA384, \
          NULL, \
          TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, \
          TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, \
          TLS_DHE_RSA_WITH_AES_256_CBC_SHA, \
          TLS_DHE_DSS_WITH_AES_256_CBC_SHA, \
          TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, \
          TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, \
          TLS_DHE_RSA_WITH_AES_128_CBC_SHA, \
          TLS_DHE_DSS_WITH_AES_128_CBC_SHA, \
          TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, \
          TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, \
          TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, \
          TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
  • Save the file. Note that DHE-RSA-AES256-GCM-SHA384 in the example is an OpenSSL-style suite name, which JSSE does not use; it is harmless but has no effect, and the TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 entry is what actually disables that suite.
  • Restart all DLP services so that each Java process re-reads java.security.
  • Verify from another host that the DHE suites are no longer offered, for example with openssl s_client -connect <server>:<port> -tls1_2 -cipher 'DHE', which should now fail with a handshake failure alert, and then re-run the vulnerability scan.
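The same edit, scripted so it can be applied consistently across every DLP server. This is an added example and not Symantec or Broadcom code: it parses java.security with its backslash line continuations, drops a weaker DH keySize bound if one is present, appends the DH keySize < 2048 constraint and any missing DHE suite names while preserving everything already in the list, and writes a .bak copy before rewriting the file. The java.security path is passed on the command line; SAMPLE is a constructed excerpt, and the helper names are this example's own.

```python
"""Merge the DH restrictions from this article into a java.security file.

Added example, not Symantec/Broadcom code.  Assumes standard Java properties
syntax (a trailing backslash continues a value on the next line), which
java.security uses.  SAMPLE below is a constructed excerpt."""
import re
import sys
from pathlib import Path

PROP = "jdk.tls.disabledAlgorithms"

# The twelve DHE suites from the article, in the article's order (exact JSSE names).
DHE_SUITES = [
    f"TLS_DHE_{auth}_WITH_AES_{aes}"
    for aes in ("256_CBC_SHA256", "256_CBC_SHA", "128_CBC_SHA256", "128_CBC_SHA",
                "256_GCM_SHA384", "128_GCM_SHA256")
    for auth in ("RSA", "DSS")
]
MIN_DH_BITS = 2048
_DH_KEYSIZE = re.compile(r"^DH\s+keySize\s*<\s*(\d+)$", re.IGNORECASE)

# Constructed excerpt in the Java 8 layout: a weaker DH bound and a continued value.
SAMPLE = """\
# constructed excerpt
security.provider.1=sun.security.provider.Sun
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \\
    EC keySize < 224, 3DES_EDE_CBC, anon, NULL
jdk.certpath.disabledAlgorithms=MD2, MD5, SHA1 jdkCA & usage TLSServer
"""


def _logical_lines(text):
    """Yield (first_index, last_index, joined) per logical properties line,
    joining physical lines that end in a backslash, as the Java loader does."""
    phys = text.splitlines()
    i = 0
    while i < len(phys):
        start, buf = i, phys[i]
        while buf.rstrip().endswith("\\") and i + 1 < len(phys):
            buf = buf.rstrip()[:-1] + phys[i + 1].lstrip()
            i += 1
        yield start, i, buf
        i += 1


def _find_prop(text):
    """(first_index, last_index, [values]) for PROP, or None if it is absent
    or only present commented out."""
    for start, end, logical in _logical_lines(text):
        s = logical.lstrip()
        if s.startswith(PROP) and s[len(PROP):].lstrip().startswith("="):
            value = s[len(PROP):].lstrip()[1:]
            return start, end, [v.strip() for v in value.split(",") if v.strip()]
    return None


def parse_disabled(text):
    """Current jdk.tls.disabledAlgorithms entries as a list, or None if unset."""
    found = _find_prop(text)
    return None if found is None else found[2]


def harden(text):
    """Return the file text with the DH restrictions merged in.  Existing entries
    are kept in order; a 'DH keySize < N' with N < 2048 is replaced; the DHE
    suites are appended only if missing.  Running it twice changes nothing."""
    found = _find_prop(text)
    existing = [] if found is None else found[2]
    kept, has_strong_dh = [], False
    for entry in existing:
        m = _DH_KEYSIZE.match(entry)
        if m and int(m.group(1)) < MIN_DH_BITS:
            continue                      # weaker bound, replaced below
        if m:
            has_strong_dh = True          # equal or stronger bound already present
        kept.append(entry)
    wanted = ([] if has_strong_dh else [f"DH keySize < {MIN_DH_BITS}"]) + DHE_SUITES
    seen = {e.lower() for e in kept}      # JSSE matches names case-insensitively
    for entry in wanted:
        if entry.lower() not in seen:
            kept.append(entry)
            seen.add(entry.lower())
    rendered = PROP + "=" + ", \\\n    ".join(kept)   # one entry per continued line
    phys = text.splitlines()
    if found is None:
        return "\n".join(phys + [rendered]) + "\n"
    start, end, _ = found
    return "\n".join(phys[:start] + [rendered] + phys[end + 1:]) + "\n"


def harden_file(path):
    """Back up java.security beside itself, then rewrite it in place."""
    p = Path(path)
    original = p.read_text(encoding="utf-8")
    p.with_name(p.name + ".bak").write_text(original, encoding="utf-8")
    p.write_text(harden(original), encoding="utf-8")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        harden_file(sys.argv[1])          # e.g. <java install dir>\lib\security\java.security
    else:
        print(harden(SAMPLE))             # dry run against the constructed sample
```

Run it once per JRE that DLP uses (each server role bundles its own), then restart the DLP services. Because the merge is idempotent, re-running it after a product upgrade that ships a fresh java.security simply restores the restrictions.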