Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Article Number: 000124196

How to Disable TLS 1.0 and TLS 1.1 on Dell Security Management Server and Dell Security Management Server Virtual

Summary: TLS 1.0 and TLS 1.1 can be disabled on Dell Security Management Server and Dell Security Management Server Virtual by following these instructions.

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content

Symptoms

To ensure the security of communication to and from a Dell Security Management Server or Dell Security Management Server Virtual, it may be necessary to disable TLS 1.0 and TLS 1.1 for compliance with internal security requirements.

Affected Products:

  • Dell Security Management Server
  • Dell Security Management Server Virtual

Affected Versions:

  • v9.10.0 and Later

Affected Operating Systems:

  • Windows
  • Linux

Cause

Not applicable

Resolution

In order to disable TLS 1.0 and TLS 1.1, Dell Data Security products must meet a minimum version requirement:

Product Minimum Version to Disable TLS 1.0 and TLS 1.1
Dell Security Management Server 9.10
Dell Security Management Server Virtual 9.10
Preboot Authentication 8.16
CMG Administrative Utilities 8.16
Windows Shield 8.16
Windows Advanced Threat Prevention 1420
Client Security Framework 8.16
Windows Dell Data Guardian 1.3
iOS Dell Data Guardian 1.5
Android Dell Data Guardian 1.5 (1.6 for KitKat)
Dell Data Guardian Portal 1.3
Mac Dell Data Guardian 1.5
Mac Shield 8.17
Mac Advanced Threat Prevention 1.5
Linux Advanced Threat Prevention 1.0

For more information about disabling TLS, select either Dell Security Management Server, Dell Security Management Server Virtual, or the Front-End Server.

Dell Security Management Server

The process to disable TLS differs between versions. Select either version 11.3.0 and Later or versions 9.10.0 to 11.2.0 for specific steps. For versioning information, reference How to Identify the Dell Data Security / Dell Data Protection Server Version.

v11.3.0 and Later

TLS must be disabled from the Security Server, Device Server, and Core Server. For more information, select the appropriate function.

Dell Security Server is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Open ..\Dell\Enterprise Edition\Security Server\conf\spring-jetty.xml with a text editor and then go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Go to <bean id="clientAuthContextFactory"...>.

clientAuthContextFactory

  1. Add <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" /> between the <property name="wantClientAuth" value="true" /> and <property name="excludeCipherSuites"> lines.

excludeProtocols

  1. Save and exit.
  2. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server.

Dell Device Server is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Open ..\Dell\Enterprise Edition\Device Server\conf\spring-jetty.xml with a text editor and then go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

Updated excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Save and exit.
  2. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server.

Dell Core Server service is a Microsoft .NET Framework based service. Modifying these settings also affects any other .NET Framework services that are hosted on this server and changes the core connectivity options for the operating system as a whole.

Note: For Core Server changes to take effect the host must be rebooted.
  1. Right-click the Windows Start Menu and then select Run.

Run

  1. In the Run UI, type regedit and then press OK. This opens the Registry Editor.

Run UI

  1. Go to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols].

Registry Editor

  1. Right-click protocols and then select New > Key.

New Key

  1. Name the new key TLS 1.0. Repeat the process to create a second key that is named TLS 1.1 and a third that is named TLS 1.2.

New keys

  1. Right-click the TLS 1.0 key and then select New > Key.

New Key

  1. Name the new key Client.

Client

  1. Repeat Steps 6 and 7 to create a Client and Server key for TLS 1.0, TLS 1.1, and TLS 1.2.

New keys

  1. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD Enabled and then set the value to 0.

DWORD settings

  1. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD Enabled and then set the value to 0.

DWORD settings

  1. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD DisabledByDefault and then set the value to 0.

DWORD settings

  1. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD Enabled and then set the value to 1.

DWORD settings

  1. Open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD SchUseStrongCrypto and then set the value to 1.

DWORD settings

Note: SchUseStrongCrypto forces all .NET Framework applications to use strong cryptographic functions when they make TLS calls. For more information, reference https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#schusestrongcrypto This hyperlink is taking you to a website outside of Dell Technologies..
  1. Open HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD SchUseStrongCrypto and then set the value to 1.

DWORD settings

  1. Restart the server for the changes to take effect.

v9.10.0 to 11.2.0

TLS must be disabled from the Security Server, Device Server, Compliance Reporter, and Core Server. For more information, select the appropriate function.

Dell Security Server is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Open ..\Dell\Enterprise Edition\Security Server\conf\spring-jetty.xml with a text editor and then go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Go to <bean id="clientAuthContextFactory"...>.

clientAuthContextFactory

  1. Add <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" /> between the <property name="wantClientAuth" value="true" /> and <property name="excludeCipherSuites"> lines.

excludeProtocols

  1. Save and exit.
  2. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server.

Dell Device Server is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Open ..\Dell\Enterprise Edition\Device Server\conf\spring-jetty.xml with a text editor and then go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Save and exit.
  2. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server.

Dell Compliance Reporter is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Open ..\Dell\Enterprise Edition\Compliance Reporter\conf\eserver.properties with a text editor and then go to eserver.ssl.protocols=TLSv1, TLSv1.1, TLSv1.2.

eserver.ssl.protocols

  1. Modify eserver.ssl.protocols=TLSv1, TLSv1.1, TLSv1.2 to eserver.ssl.protocols=TLSv1.2.

Updated eserver.ssl.protocols

  1. Save and exit.
  2. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server.

Dell Core Server service is a Microsoft .NET Framework based service. Modifying these settings also affects any other .NET Framework services that are hosted on this server and changes the core connectivity options for the operating system as a whole.

Note: For Core Server changes to take effect the host must be rebooted.
  1. Right-click the Windows Start Menu and then select Run.

Run

  1. In the Run UI, type regedit and then press OK. This opens the Registry Editor.

Run UI

  1. Go to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols].

Registry Editor

  1. Right-click protocols and then select New > Key.

New Key

  1. Name the new key TLS 1.0. Repeat the process to create a second key that is named TLS 1.1 and a third that is named TLS 1.2.

New keys

  1. Right-click the TLS 1.0 key and then select New > Key.

New Key

  1. Name the new key Client.

Client

  1. Repeat Steps 6 and 7 to create a Client and Server key for TLS 1.0, TLS 1.1, and TLS 1.2.

New keys

  1. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD Enabled and then set the value to 0.

DWORD settings

  1. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD Enabled and then set the value to 0.

DWORD settings

  1. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD DisabledByDefault and then set the value to 0.

DWORD settings

  1. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD Enabled and then set the value to 1.

DWORD settings

  1. Open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD SchUseStrongCrypto and then set the value to 1.

DWORD settings

Note: SchUseStrongCrypto forces all .NET Framework applications to use strong cryptographic functions when they make TLS calls. For more information, reference https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#schusestrongcrypto This hyperlink is taking you to a website outside of Dell Technologies..
  1. Open HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD SchUseStrongCrypto and then set the value to 1.

DWORD settings

  1. Restart the server for the changes to take effect.

Dell Security Management Server Virtual

The process to disable TLS differs between versions. Select either version 11.3.0 and Later, versions 9.11.0 to 11.2.0, or versions 9.10.0 to 9.10.1 for specific steps. For versioning information, reference How to Identify the Dell Data Security / Dell Data Protection Server Version.

v11.3.0 and Later

TLS must be disabled from the Security Server, Identity Server, and Core Server Proxy. For more information, select the appropriate function.

Dell Security Server is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and the press Enter.

Launch Shell

  1. Change the user to dellsupport using the su dellsupport command.

Change user

  1. Confirm the password for the dellsupport user.

Confirm password

  1. Open /opt/dell/server/security-server/conf/spring-jetty.xml using the command sudo nano /opt/dell/server/security-server/conf/spring-jetty.xml.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Go to <bean id="clientAuthContextFactory"...>.

clientAuthContextFactory

  1. Add <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" /> between the <property name="wantClientAuth" value="true" /> and <property name="excludeCipherSuites"> lines.

Updated clientAuthContextFactory

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and press Enter to log out of dellsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.
Exit
  1. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server Virtual.

Dell Identity Server service is a mono-based service. Modifying these values requires a restart to the server before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and then press Enter.

Launch Shell

  1. Change the user to dellsupport using the su dellsupport command.

Change user

  1. Confirm the password for the dellsupport user.

Confirm password

  1. Open /opt/dell/server/local-server/conf/spring-jetty.xml with a text editor using the command sudo nano /opt/dell/server/local-server/conf/spring-jetty.xml.

spring-jetty.xml

  1. Go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and then press Enter to log out of dellsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.

Exit

  1. Restart the server for the changes to take effect.

Dell Core Server Proxy service is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and then press Enter.

Launch Shell

  1. Change the user to dellsupport using the su dellsupport command.

Change user

  1. Confirm the password for the dellsupport user.

Confirm password

  1. Open /opt/dell/server/core-server-proxy/conf/spring-jetty.xml with a text editor using the command sudo nano /opt/dell/server/core-server-proxy/conf/spring-jetty.xml.

spring-jetty.xml

  1. Go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and then press Enter to return to log out of dellsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.

Exit

  1. Restart all services.

v9.11.0 to 11.2.0

TLS must be disabled from the Security Server, Identity Server, Compliance Reporter, and Core Server Proxy. For more information, select the appropriate function.

Dell Security Server is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and the press Enter.

Launch Shell

  1. Change the user to dellsupport using the su dellsupport command.

Change user

  1. Confirm the password for the dellsupport user.

Confirm password

  1. Open /opt/dell/server/security-server/conf/spring-jetty.xml using the command sudo nano /opt/dell/server/security-server/conf/spring-jetty.xml.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Go to <bean id="clientAuthContextFactory"...>.

clientAuthContextFactory

  1. Add <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" /> between the <property name="wantClientAuth" value="true" /> and <property name="excludeCipherSuites"> lines.

Updated clientAuthContextFactory

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and press Enter to log out of dellsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.
Exit
  1. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server Virtual.

Dell Identity Server service is a mono-based service. Modifying these values requires a restart to the server before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and then press Enter.

Launch Shell

  1. Change the user to dellsupport using the su dellsupport command.

Change user

  1. Confirm the password for the dellsupport user.

Confirm password

  1. Open /opt/dell/server/local-server/conf/spring-jetty.xml with a text editor using the command sudo nano /opt/dell/server/local-server/conf/spring-jetty.xml.

spring-jetty.xml

  1. Go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and then press Enter to log out of dellsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.

Exit

  1. Restart the server for the changes to take effect.

Dell Compliance Reporter service is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and then press Enter.

Launch Shell

  1. Change the user to dellsupport using the su dellsupport command.

Change user

  1. Confirm the password for the dellsupport user.

Confirm password

  1. Open /opt/dell/server/reporter/conf/eserver.properties with a text editor using the command: sudo nano /opt/dell/server/reporter/conf/eserver.properties.
  2. Go to eserver.ssl.protocols=TLSv1, TLSv1.1, TLSv1.2.

eserver.ssl.protocols

  1. Modify eserver.ssl.protocols=TLSv1, TLSv1.1, TLSv1.2 to read eserver.ssl.protocols=TLSv1.2.

Updated eserver.ssl.protocols

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and then press Enter to log out of dellsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.

Exit

  1. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server Virtual.

Dell Core Server Proxy service is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and then press Enter.

Launch Shell

  1. Change the user to dellsupport using the su dellsupport command.

Change user

  1. Confirm the password for the dellsupport user.

Confirm password

  1. Open /opt/dell/server/core-server-proxy/conf/spring-jetty.xml with a text editor using the command sudo nano /opt/dell/server/core-server-proxy/conf/spring-jetty.xml.

spring-jetty.xml

  1. Go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and then press Enter to return to log out of dellsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.

Exit

  1. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server Virtual.

v9.10.0 to 9.10.1

TLS must be disabled from the Security Server, Identity Server, Compliance Reporter, and Core Server Proxy. For more information, select the appropriate function.

Dell Security Server service is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and then press Enter.

Launch Shell

  1. Change the user to ddpsupport using the su ddpsupport command.

Change user

  1. Confirm the password for the ddpsupport user.

Confirm password

  1. Open /opt/dell/server/security-server/conf/spring-jetty.xml using the command sudo nano /opt/dell/server/security-server/conf/spring-jetty.xml.

spring-jetty.xml

  1. Go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3">.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Go to <bean id="clientAuthContextFactory"...>.

clientAuthContextFactory

  1. Add <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" /> between the <property name="wantClientAuth" value="true" /> and <property name="excludeCipherSuites"> lines.

clientAuthContextFactory

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and then press Enter to log out of ddpsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.

Exit

  1. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server Virtual.

Dell Identity Server service is a mono-based service. Modifying these values requires a restart to the server before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and then press Enter.

Launch Shell

  1. Change the user to ddpsupport using the su ddpsupport command.

Change user

  1. Confirm the password for the ddpsupport user.

Confirm password

  1. Open /opt/dell/server/local-server/conf/spring-jetty.xml with a text editor using the command sudo nano /opt/dell/server/local-server/conf/spring-jetty.xml.

spring-jetty.xml

  1. Go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

excludeProtocols

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and then press Enter to log out of ddpsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.

Exit

  1. Restart the server for the changes to take effect.

Dell Compliance Reporter service is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and then press Enter.

Launch Shell

  1. Change the user to ddpsupport using the su ddpsupport command.

Change user

  1. Confirm the password for the ddpsupport user.

Confirm password

  1. Open /opt/dell/server/reporter/conf/eserver.properties with a text editor using the command sudo nano /opt/dell/server/reporter/conf/eserver.properties.

eserver.properties

  1. Go to eserver.ssl.protocols=TLSv1, TLSv1.1, TLSv1.2.

eserver.ssl.protocols

  1. Modify eserver.ssl.protocols=TLSv1, TLSv1.1, TLSv1.2 to read eserver.ssl.protocols=TLSv1.2.

Updated eserver.ssl.protocols

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and then press Enter to log out of ddpsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.

Exit

  1. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server Virtual.

Dell Core Server Proxy service is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and then press Enter.

Launch Shell

  1. Change the user to ddpsupport using the su ddpsupport command.

Change user

  1. Confirm the password for the ddpsupport user.

Confirm password

  1. Open /opt/dell/server/core-server-proxy/conf/spring-jetty.xml with a text editor using the command sudo nano /opt/dell/server/core-server-proxy/conf/spring-jetty.xml.

spring-jetty.xml

  1. Go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and then press Enter to log out of ddpsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.

Exit

  1. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server Virtual.

Front-End Server

TLS must be disabled from the Security Server Proxy, Device Server, and Core Server Proxy. For more information, select the appropriate function.

Dell Security Server Proxy service is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Open ..\Dell\Enterprise Edition\Security Server Proxy\conf\spring-jetty.xml with a text editor and then go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Save and exit.
  2. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server.

Dell Device Server service is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Open ..\Dell\Enterprise Edition\Device Server\conf\spring-Jetty.xml with a text editor and then go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Save and exit.
  2. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server.

Dell Core Server Proxy service is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Open ..\Dell\Enterprise Edition\Core Server Proxy\conf\spring-jetty.xml with a text editor and then go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Save and exit.
  2. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server.

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Article Properties

Affected Product

Dell Encryption

Last Published Date

01 Nov 2023

Version

19

Article Type

Solution

Back to Top