Secure message delivery to DLP fails when FIPS mode is enabled
Last Updated April 22, 2014
When Symantec Messaging Gateway (SMG) is set to run in FIPS compliant mode, TLS secured message delivery to the configured DLP server fails. All outbound messages are queued in the delivery queue with an error indicating that TLS negotiation has failed.
451 4.7.5 [internal] tls negotiation failed
When in FIPS mode, the SMG appliance is unable to negotiate a secure, TLS encrypted connection to the DLP Prevent server because of the increased security requirements of running in FIPS-2 compliant mode. This occurs regardless of whether the DLP Prevent server was installed with the FIPS compliant options.
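The deferral text above is the only visible symptom on the SMG side, so a quick way to confirm the condition is to scan the delivery log for that exact reply and check whether the DLP host is the one being deferred while other destinations still succeed. The following script is an added example, not part of the original article and not Symantec code; the log layout (timestamp, queue name, destination host, SMTP reply) and the sample lines are constructed for illustration and do not reflect SMG's real log format.

```python
import re
from collections import Counter

# Deferral reply quoted in the article.
TLS_FAILURE_TEXT = "451 4.7.5 [internal] tls negotiation failed"

# Constructed sample log in an assumed layout; not SMG's actual log format.
SAMPLE_LOG = """\
2014-04-22T10:01:03 queue=delivery host=dlp-prevent.example.internal status=451 4.7.5 [internal] tls negotiation failed
2014-04-22T10:01:09 queue=delivery host=mx.partner.example.com status=250 2.0.0 OK
2014-04-22T10:01:15 queue=delivery host=dlp-prevent.example.internal status=451 4.7.5 [internal] tls negotiation failed
2014-04-22T10:02:30 queue=delivery host=mx.partner.example.com status=451 4.4.1 connection timed out
2014-04-22T10:02:41 queue=delivery host=dlp-prevent.example.internal status=451 4.7.5 [internal] tls negotiation failed
"""

# One record per line: timestamp, queue, destination host, then the SMTP reply text.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) queue=(?P<queue>\S+) host=(?P<host>\S+) status=(?P<status>.*)$"
)


def parse_line(line):
    """Return the fields of one log line as a dict, or None if the line does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def tls_failures_by_host(log_text):
    """Count occurrences of the TLS negotiation deferral per destination host."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["status"].strip() == TLS_FAILURE_TEXT:
            counts[rec["host"]] += 1
    return dict(counts)


def stalled_destinations(log_text, threshold=3):
    """Hosts with at least `threshold` TLS negotiation failures and no successful (250) delivery.

    A host that also shows 250 replies is a transient problem, not the FIPS
    mode condition described in the article, so it is excluded.
    """
    failures = tls_failures_by_host(log_text)
    succeeded = set()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["status"].startswith("250 "):
            succeeded.add(rec["host"])
    return sorted(h for h, n in failures.items() if n >= threshold and h not in succeeded)


if __name__ == "__main__":
    print("TLS failures by host:", tls_failures_by_host(SAMPLE_LOG))
    print("Stalled destinations:", stalled_destinations(SAMPLE_LOG))
```

If the only stalled destination is the DLP Prevent host and unrelated destinations still get 250 replies, the appliance's TLS configuration (here, FIPS mode) rather than general network reachability is the likely cause.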
This is a known issue and has been fixed in SMG 10.5.2. Please update when able.
This issue can be worked around by either:
- Reconfiguring the DLP Connect option to use plaintext delivery rather than TLS secured delivery
- Disabling FIPS mode via the CLI fipsmode off command
If neither of these options is compatible with your internal security policies, please contact Symantec Customer Support to discuss other potential workarounds.
Imported Document ID: TECH212117