Protection Engine GUI utilizes a DHE length less than 2048 bits.
Last Updated August 31, 2017
Utilizing a vulnerability scanner on a server containing Symantec Protection Engine (SPE) with the GUI installed returns a warning indicating port 8004 DHE key length is less than 2048 bits.
Any supported version of Symantec Protection Engine
Any supported platform
Java 8 or older
Symantec Protection Engine (SPE) utilizes Java as the back end to load the Graphical User Interface (GUI). This includes the initial secure handshake between the client browser and the SPE server. Versions of Java prior to 8 did not support modifying the DHE key length. Starting with Java 8 the DHE key length is set to a minimum of 1024 and in addition a new global parameter is available to increase the key length to greater than default.
For more information see: https://docs.oracle.com/javase/8/docs/technotes/guides/security/enhancements-8.html
To increase the DHE key length for the Symantec Protection Engine GUI please do the following:
If not already installed, update system to utilize Java 8.
Download attached file ssejvm.zip from this article.
Extract contents of ssejvm.zip (ssejvm.config) to SPE install location:
Windows: <InstallPath>\Symantec\Scan Engine
Restart the symcscan / Symantec Protection Engine service.