How to change the cipher strength on Enforce UI (tomcat server)
search cancel

How to change the cipher strength on Enforce UI (tomcat server)

book

Article ID: 405453

calendar_today

Updated On:

Products

Data Loss Prevention Core Package

Issue/Introduction

Enforce UI does not have the proper cipher strength 

Environment

Rhel 8.x /9x

DLP 16.x and above

Cause

Cipher strength listed in server.xml does not have the cipher strength that is required by security or organizational policies. 

Resolution

  • Browse to the server.xml and update the following line 
    • Default location is: /opt/Symantec/DataLossPrevention/EnforceServer/<version>/Protect/tomcat/conf
    • ciphers="TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA"
  • Ciphers can be removed or added as needed. The above line contains the default that is shipped during install. 
  • After changing the server.xml, the SymantecDLPManagerServer Service will need to be restarted. 
Powered by Wolken Software