SMTP/TLS needs to be configured to only use the latest version in the Symantec Messaging Gateway (SMG).
SSLv3/TLS 1.0/TLS 1.1 are no longer considered to be secure.
The PCI DSS standard is TLS 1.2 as of 30 June 2018, which is the version recommended by Symantec. As of the writing of this article, TLS 1.3 is not supported by SMG, but is on the roadmap for inclusion in a future version.
cc-config set-min-tls-level [--tls10|--tls11|--tls12]
cc-config set-min-tls-level --tls11will allow TLS 1.2 and 1.1 to be used.
If the SMG does not show the selected TLS level after configuration, reboot of the appliance may be required.
FIPS Mode will automatically disable SSLv3. See FIPS mode best practices and considerations for more.
For further information, please refer to the Administration Guide for SMG.
If you are using a version of SMG that is older than 10.6.5, SSL v.3 is the only option that is allowed to be disabled. Upgrade to the latest version for more support for later versions of TLS.