Configuring TLS 1.2 for the CSP management server and Windows agent communication
Last Updated April 29, 2019
To meet regulatory compliance standards or enhance the security of your environment you can configure TLS 1.2 for the CSP management server and Windows agent communication.
Perform the following tasks to configure TLS 1.2 on the CSP management server:
On the system where you have installed the management server, navigate to the CSP management server installation path.
Open the /tomcat/conf folder.
Navigate to the server.xml file and create a copy of it for backup.
Edit the server.xml file by changing the following parameters:
sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" to sslEnabledProtocols="TLSv1.2" for all the locations.
sslProtocol="TLS" to sslProtocol="TLSv1.2" for all the locations.
If required, update the ciphers as follows: ciphers="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_ECDHE_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"
Save the server.xml file.
Restart either the Symantec Critical System Protection Manager service or the CSP management server for the changes to take effect.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe