OpenJRE 1.8.0_352 fails on DLP Network Prevent for Email due to TLS 1.3 being required


Article ID: 258353


Products

Data Loss Prevention, Data Loss Prevention Network Email, Data Loss Prevention Network Prevent for Email

Issue/Introduction

When JRE 8u352b08 is used with DLP 15.8 or 16.0 SMTP Prevent servers, TLS-mode connections to the MTA fail.
JRE 352 forces TLS version 1.3, which is NOT supported by DLP 16.0 or 15.8.

Environment

DLP 15.8 and 16.0
Network Prevent for Email

Cause

Data Loss Prevention does not currently support TLS 1.3.

Resolution

Workaround

This workaround is required because TLS 1.3 is NOT supported by the DLP SMTP Prevent Detection Server.
If you have already completed these steps and have since upgraded to a later version of OpenJRE, you do not need to complete them again.

 

Update the SymantecDLPManager.conf File

Complete the following steps to prompt OpenJRE 1.8.0_352 and later to use TLS 1.2:

  1. Locate SymantecDLPManager.conf on the Enforce Server host at the following location (based on your platform):
    • Windows: \Program Files\Symantec\DataLossPrevention\EnforceServer\Services
    • Linux: /opt/Symantec/DataLossPrevention/EnforceServer/Services
  2. Locate the line:
    wrapper.java.additional.202 = -Djava.security.properties=../config/java.security
  3. Add the following line below the line listed in step #2:
    wrapper.java.additional.203 = -Djdk.tls.client.protocols="TLSv1.2"
    Note: The number 203 is an example; if it is already in use, enter any unused number of higher value.
  4. Save your changes.
  5. Restart the Enforce Server.

Update the SymantecDLPDetectionServer.conf File

Complete the following steps to prompt OpenJRE 1.8.0_352 to use TLS 1.2:

  1. Locate SymantecDLPDetectionServer.conf on the Network Prevent for Email server at the following location (based on your platform):
    • Windows: \Program Files\Symantec\DataLossPrevention\DetectionServer\Services
    • Linux: /opt/Symantec/DataLossPrevention/DetectionServer/Services
  2. Locate the line:
    wrapper.java.additional.202 = -Djava.security.properties=../config/java.security
  3. Add the following line below the line listed in step #2:
    wrapper.java.additional.210 = -Djdk.tls.client.protocols="TLSv1.2"
    Note: The number 210 is an example; if it is already in use, enter any unused number of higher value.
  4. Save your changes.
  5. Restart the detection server.
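
The steps for both files can be scripted as follows. This is an added example, not part of the original article or the product; the function name pin_tls12 and the sample contents are hypothetical, and it assumes the file uses "wrapper.java.additional.N = value" lines as shown in the steps. It refuses to proceed on a duplicated index, skips a file that already sets jdk.tls.client.protocols, and picks the next unused higher number when the preferred one is taken.

```python
import re

# Matches wrapper lines of the form shown in the steps above:
#   wrapper.java.additional.202 = -Dname=value
ENTRY = re.compile(r"^\s*wrapper\.java\.additional\.(\d+)\s*=\s*(.*?)\s*$")
ANCHOR = "-Djava.security.properties=../config/java.security"
PROPERTY = '-Djdk.tls.client.protocols="TLSv1.2"'

# Constructed sample contents for illustration, not a real DLP .conf file.
SAMPLE = """\
wrapper.java.additional.201 = -Dexample.one=true
wrapper.java.additional.202 = -Djava.security.properties=../config/java.security
wrapper.java.additional.203 = -Dexample.two=true
"""


def pin_tls12(conf_text, preferred_index):
    """Return (new_text, status) for the contents of a wrapper .conf file."""
    lines = conf_text.splitlines()
    used = {}         # index -> value, to detect collisions
    anchor_at = None  # position of the java.security.properties line
    for pos, line in enumerate(lines):
        m = ENTRY.match(line)
        if not m:
            continue  # comments, blank lines, other settings
        index, value = int(m.group(1)), m.group(2)
        if index in used:
            raise ValueError(f"index {index} is defined twice")
        used[index] = value
        if value.startswith("-Djdk.tls.client.protocols="):
            return conf_text, f"already set at index {index}: {value}"
        if value == ANCHOR:
            anchor_at = pos
    if anchor_at is None:
        raise ValueError("java.security.properties line not found")
    index = preferred_index
    while index in used:  # "if already in use, enter any unused number of higher value"
        index += 1
    lines.insert(anchor_at + 1, f"wrapper.java.additional.{index} = {PROPERTY}")
    return "\n".join(lines) + "\n", f"added at index {index}"


if __name__ == "__main__":
    text, status = pin_tls12(SAMPLE, 203)
    print(status)
    print(text)
```

Pass 203 for SymantecDLPManager.conf and 210 for SymantecDLPDetectionServer.conf, the example numbers from the steps above, and keep a copy of the original file before writing the result back.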

Additional Information

This information was also published as a Product Advisory:

Connectivity issues experienced with OpenJRE 1.8.0_352