Vulnerability scanner reports DLP uses weak 1024 ciphers related to java. 

Not all scan reports are accurate, please contact Support for assistance in validity.

You can disable these ciphers within Java by modifying java.security in <java install dir>\lib\security.

• Locate where java is installed.  For example lets say its an OCR server.  This would be located in by default C:\SymantecDLPOCR\jre\lib\security. 
  • Remember depending on the server you are just looking to see where java is installed as DLP runs under java.
• Open java.security file from <java install dir>\lib\security folder with a text editor.
• Add DH keySize < 2048 or modify it, if it exists.
• Modify 'jdk.tls.disabledAlgorithms= ' and add the below ciphers
• Save the file
• Restart all DLP services

Ciphers to add:

TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_256_CBC_SHA,   
TLS_DHE_DSS_WITH_AES_256_CBC_SHA,   
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
TLS_DHE_RSA_WITH_AES_128_CBC_SHA,   
TLS_DHE_DSS_WITH_AES_128_CBC_SHA,   
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
TLS_DHE_DSS_WITH_AES_128_GCM_SHA256

For example this line could look like:

• • jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 2048, \
        EC keySize < 224, 3DES_EDE_CBC, anon, DHE-RSA-AES256-GCM-SHA384, \
        NULL, \
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, \
        TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, \
        TLS_DHE_RSA_WITH_AES_256_CBC_SHA, \
        TLS_DHE_DSS_WITH_AES_256_CBC_SHA, \
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, \
        TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, \
        TLS_DHE_RSA_WITH_AES_128_CBC_SHA, \
        TLS_DHE_DSS_WITH_AES_128_CBC_SHA, \
        TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, \
        TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, \
        TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, \
        TLS_DHE_DSS_WITH_AES_128_GCM_SHA256