Historically, Symantec Encryption Management Server has used TLS 1.0/1.1 for some features and for backward compatibility with Symantec Encryption Desktop client versions 10.3.x and older and with the Symantec PGP Viewer application for Android devices.
Symantec Encryption Management Server 3.4 and Symantec Encryption Desktop 10.4 and above use TLS 1.2 as the default communications protocol. TLS 1.0 is still enabled on these newer versions of the software in order to support older client communications. Symantec Encryption Management Server 3.4.2 MP1 will be the last version to have TLS 1.0 enabled by default.
Starting with Symantec Encryption Management Server 3.4.2 MP2, TLS 1.0 will be disabled by default, and TLS 1.2 will be the only protocol available for secure communications.
It is still possible to configure the Symantec Encryption Management Server to use TLS 1.0/1.1 for backward compatibility with Symantec Encryption Desktop 10.3.x or Android devices, and for some other features. The considerations below describe how this applies to the SEMS 3.4.2 MP2 upgrade.
Considerations before upgrading to Symantec Encryption Management Server 3.4.2 MP2:
Legacy TLS 1.0/1.1 for communications, such as LDAPS for enrollment, or TLS email encryption: If legacy systems require the use of TLS 1.0/1.1 for communications with SEMS, these will need to be enabled once the upgrade has completed.
Web Email Protection Complete Customization templates: If the Complete Customization is being used for WEP, before migrating to 3.4.2 MP2, first save the customization template, then remove the existing customization, upgrade the server, and rebuild the Complete Customization once the upgrade has completed.
SEMS Proxy Configuration adjustments may be needed: SEMS 3.4.2 MP2 will set the mail proxy configuration to STARTTLS attempt by default. Make note of the settings you require in your own environment prior to upgrading to SEMS 3.4.2 MP2 so that you can make the proper adjustments post upgrade.
Symantec Encryption Desktop 10.3.x and older: These older versions used TLS 1.0 for communication to the SEMS and must be updated to 10.4 before they will communicate on TLS 1.2. If this is still needed, please contact support to re-enable TLS 1.0/1.1 manually.
Certificate enrollment with TLS 1.2: If certificate enrollment is being used, TLS 1.0/1.1 is still required. If this is still needed, please contact support to re-enable TLS 1.0/1.1 manually.
SEE Management Server and Whole Disk Recovery Token Retrieval: If a SEE Management Server is being used to retrieve Whole Disk Recovery tokens from SEMS 3.4.2 MP2, TLS 1.0/1.1 must still be enabled. If this is still needed, please contact support to re-enable TLS 1.0/1.1 manually.
Symantec PGP Viewer for Android uses TLS 1.0 for communications. If this is still needed, please contact support to re-enable TLS 1.0/1.1 manually.
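A pre-upgrade check for the first and third considerations above, as an added example that is not Symantec code: it tests whether the servers SEMS connects out to (the LDAPS directory used for enrollment, a mail relay reached over STARTTLS) complete a handshake when only TLS 1.2 is offered. The host names and ports are placeholders, and the check does not cover clients that connect in to SEMS.

```python
import smtplib
import socket
import ssl

def tls12_only_context():
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    # Protocol probe only, no application data is sent: certificate checks are
    # off so internal servers with private CAs can still be tested.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def check_peer(host, port, starttls=False, timeout=5.0):
    """Return 'tls1.2-ok', 'no-tls1.2' or 'unreachable' for one peer."""
    ctx = tls12_only_context()
    if starttls:  # SMTP relay: plaintext greeting, then upgrade
        try:
            smtp = smtplib.SMTP(host, port, timeout=timeout)
        except OSError:
            return "unreachable"
        try:
            smtp.ehlo()
            smtp.starttls(context=ctx)
            return "tls1.2-ok"
        except OSError:  # includes SMTPException and ssl.SSLError
            return "no-tls1.2"
        finally:
            smtp.close()
    try:  # implicit TLS, e.g. LDAPS
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return "tls1.2-ok" if tls.version() == "TLSv1.2" else "no-tls1.2"
    except OSError:  # handshake rejected, reset, or non-TLS reply
        return "no-tls1.2"
    finally:
        raw.close()

def peers_needing_action(peers):
    # peers: (name, host, port, starttls) tuples; returns names without confirmed TLS 1.2
    return [n for n, h, p, s in peers if check_peer(h, p, s) != "tls1.2-ok"]

if __name__ == "__main__":  # placeholder hosts and ports; replace with your own
    print(peers_needing_action([("enrollment LDAPS", "ldap.example.internal", 636, False),
                                ("outbound relay", "mail.example.internal", 25, True)]))
```

Any peer listed in the output either needs to be updated to support TLS 1.2 or is a case where TLS 1.0/1.1 would have to be enabled after the upgrade.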