How to Disable TLS 1.0 and TLS 1.1 on Dell Security Management Server and Dell Security Management Server Virtual

Summary: TLS 1.0 and TLS 1.1 can be disabled on Dell Security Management Server and Dell Security Management Server Virtual by following these instructions.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

To ensure the security of communication to and from a Dell Security Management Server or Dell Security Management Server Virtual, it may be necessary to disable TLS 1.0 and TLS 1.1 for compliance with internal security requirements.

Affected Products:

  • Dell Security Management Server
  • Dell Security Management Server Virtual

Affected Versions:

  • v9.10.0 and Later

Affected Operating Systems:

  • Windows
  • Linux

Cause

Not applicable

Resolution

In order to disable TLS 1.0 and TLS 1.1, Dell Data Security products must meet a minimum version requirement:

Product Minimum Version to Disable TLS 1.0 and TLS 1.1
Dell Security Management Server 9.10
Dell Security Management Server Virtual 9.10
Preboot Authentication 8.16
CMG Administrative Utilities 8.16
Windows Shield 8.16
Windows Advanced Threat Prevention 1420
Client Security Framework 8.16
Windows Dell Data Guardian 1.3
iOS Dell Data Guardian 1.5
Android Dell Data Guardian 1.5 (1.6 for KitKat)
Dell Data Guardian Portal 1.3
Mac Dell Data Guardian 1.5
Mac Shield 8.17
Mac Advanced Threat Prevention 1.5
Linux Advanced Threat Prevention 1.0

For more information about disabling TLS, select either Dell Security Management Server, Dell Security Management Server Virtual, or the Front-End Server.

Dell Security Management Server

The process to disable TLS differs between versions. Select either version 11.3.0 and Later or versions 9.10.0 to 11.2.0 for specific steps. For versioning information, reference How to Identify the Dell Data Security / Dell Data Protection Server Version.

v11.3.0 and Later

TLS must be disabled from the Security Server, Device Server, and Core Server. For more information, select the appropriate function.

Dell Security Server is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Open ..\Dell\Enterprise Edition\Security Server\conf\spring-jetty.xml with a text editor and then go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Go to <bean id="clientAuthContextFactory"...>.

clientAuthContextFactory

  1. Add <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" /> between the <property name="wantClientAuth" value="true" /> and <property name="excludeCipherSuites"> lines.

excludeProtocols

  1. Save and exit.
  2. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server.

Dell Device Server is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Open ..\Dell\Enterprise Edition\Device Server\conf\spring-jetty.xml with a text editor and then go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

Updated excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Save and exit.
  2. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server.

Dell Core Server service is a Microsoft .NET Framework based service. Modifying these settings also affects any other .NET Framework services that are hosted on this server and changes the core connectivity options for the operating system as a whole.

Note: For Core Server changes to take effect the host must be rebooted.
  1. Right-click the Windows Start Menu and then select Run.

Run

  1. In the Run UI, type regedit and then press OK. This opens the Registry Editor.

Run UI

  1. Go to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols].

Registry Editor

  1. Right-click protocols and then select New > Key.

New Key

  1. Name the new key TLS 1.0. Repeat the process to create a second key that is named TLS 1.1 and a third that is named TLS 1.2.

New keys

  1. Right-click the TLS 1.0 key and then select New > Key.

New Key

  1. Name the new key Client.

Client

  1. Repeat Steps 6 and 7 to create a Client and Server key for TLS 1.0, TLS 1.1, and TLS 1.2.

New keys

  1. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD Enabled and then set the value to 0.

DWORD settings

  1. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD Enabled and then set the value to 0.

DWORD settings

  1. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD DisabledByDefault and then set the value to 0.

DWORD settings

  1. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD Enabled and then set the value to 1.

DWORD settings

  1. Open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD SchUseStrongCrypto and then set the value to 1.

DWORD settings

Note: SchUseStrongCrypto forces all .NET Framework applications to use strong cryptographic functions when they make TLS calls. For more information, reference https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#schusestrongcrypto This hyperlink is taking you to a website outside of Dell Technologies..
  1. Open HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD SchUseStrongCrypto and then set the value to 1.

DWORD settings

  1. Restart the server for the changes to take effect.

v9.10.0 to 11.2.0

TLS must be disabled from the Security Server, Device Server, Compliance Reporter, and Core Server. For more information, select the appropriate function.

Dell Security Server is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Open ..\Dell\Enterprise Edition\Security Server\conf\spring-jetty.xml with a text editor and then go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Go to <bean id="clientAuthContextFactory"...>.

clientAuthContextFactory

  1. Add <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" /> between the <property name="wantClientAuth" value="true" /> and <property name="excludeCipherSuites"> lines.

excludeProtocols

  1. Save and exit.
  2. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server.

Dell Device Server is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Open ..\Dell\Enterprise Edition\Device Server\conf\spring-jetty.xml with a text editor and then go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Save and exit.
  2. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server.

Dell Compliance Reporter is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Open ..\Dell\Enterprise Edition\Compliance Reporter\conf\eserver.properties with a text editor and then go to eserver.ssl.protocols=TLSv1, TLSv1.1, TLSv1.2.

eserver.ssl.protocols

  1. Modify eserver.ssl.protocols=TLSv1, TLSv1.1, TLSv1.2 to eserver.ssl.protocols=TLSv1.2.

Updated eserver.ssl.protocols

  1. Save and exit.
  2. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server.

Dell Core Server service is a Microsoft .NET Framework based service. Modifying these settings also affects any other .NET Framework services that are hosted on this server and changes the core connectivity options for the operating system as a whole.

Note: For Core Server changes to take effect the host must be rebooted.
  1. Right-click the Windows Start Menu and then select Run.

Run

  1. In the Run UI, type regedit and then press OK. This opens the Registry Editor.

Run UI

  1. Go to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols].

Registry Editor

  1. Right-click protocols and then select New > Key.

New Key

  1. Name the new key TLS 1.0. Repeat the process to create a second key that is named TLS 1.1 and a third that is named TLS 1.2.

New keys

  1. Right-click the TLS 1.0 key and then select New > Key.

New Key

  1. Name the new key Client.

Client

  1. Repeat Steps 6 and 7 to create a Client and Server key for TLS 1.0, TLS 1.1, and TLS 1.2.

New keys

  1. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD Enabled and then set the value to 0.

DWORD settings

  1. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD Enabled and then set the value to 0.

DWORD settings

  1. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD DisabledByDefault and then set the value to 0.

DWORD settings

  1. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD Enabled and then set the value to 1.

DWORD settings

  1. Open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD SchUseStrongCrypto and then set the value to 1.

DWORD settings

Note: SchUseStrongCrypto forces all .NET Framework applications to use strong cryptographic functions when they make TLS calls. For more information, reference https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#schusestrongcrypto This hyperlink is taking you to a website outside of Dell Technologies..
  1. Open HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD SchUseStrongCrypto and then set the value to 1.

DWORD settings

  1. Restart the server for the changes to take effect.

Dell Security Management Server Virtual

The process to disable TLS differs between versions. Select either version 11.3.0 and Later, versions 9.11.0 to 11.2.0, or versions 9.10.0 to 9.10.1 for specific steps. For versioning information, reference How to Identify the Dell Data Security / Dell Data Protection Server Version.

v11.3.0 and Later

TLS must be disabled from the Security Server, Identity Server, and Core Server Proxy. For more information, select the appropriate function.

Dell Security Server is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and the press Enter.

Launch Shell

  1. Change the user to dellsupport using the su dellsupport command.

Change user

  1. Confirm the password for the dellsupport user.

Confirm password

  1. Open /opt/dell/server/security-server/conf/spring-jetty.xml using the command sudo nano /opt/dell/server/security-server/conf/spring-jetty.xml.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Go to <bean id="clientAuthContextFactory"...>.

clientAuthContextFactory

  1. Add <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" /> between the <property name="wantClientAuth" value="true" /> and <property name="excludeCipherSuites"> lines.

Updated clientAuthContextFactory

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and press Enter to log out of dellsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.
Exit
  1. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server Virtual.

Dell Identity Server service is a mono-based service. Modifying these values requires a restart to the server before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and then press Enter.

Launch Shell

  1. Change the user to dellsupport using the su dellsupport command.

Change user

  1. Confirm the password for the dellsupport user.

Confirm password

  1. Open /opt/dell/server/local-server/conf/spring-jetty.xml with a text editor using the command sudo nano /opt/dell/server/local-server/conf/spring-jetty.xml.

spring-jetty.xml

  1. Go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and then press Enter to log out of dellsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.

Exit

  1. Restart the server for the changes to take effect.

Dell Core Server Proxy service is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and then press Enter.

Launch Shell

  1. Change the user to dellsupport using the su dellsupport command.

Change user

  1. Confirm the password for the dellsupport user.

Confirm password

  1. Open /opt/dell/server/core-server-proxy/conf/spring-jetty.xml with a text editor using the command sudo nano /opt/dell/server/core-server-proxy/conf/spring-jetty.xml.

spring-jetty.xml

  1. Go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and then press Enter to return to log out of dellsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.

Exit

  1. Restart all services.

v9.11.0 to 11.2.0

TLS must be disabled from the Security Server, Identity Server, Compliance Reporter, and Core Server Proxy. For more information, select the appropriate function.

Dell Security Server is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and the press Enter.

Launch Shell

  1. Change the user to dellsupport using the su dellsupport command.

Change user

  1. Confirm the password for the dellsupport user.

Confirm password

  1. Open /opt/dell/server/security-server/conf/spring-jetty.xml using the command sudo nano /opt/dell/server/security-server/conf/spring-jetty.xml.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Go to <bean id="clientAuthContextFactory"...>.

clientAuthContextFactory

  1. Add <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" /> between the <property name="wantClientAuth" value="true" /> and <property name="excludeCipherSuites"> lines.

Updated clientAuthContextFactory

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and press Enter to log out of dellsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.
Exit
  1. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server Virtual.

Dell Identity Server service is a mono-based service. Modifying these values requires a restart to the server before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and then press Enter.

Launch Shell

  1. Change the user to dellsupport using the su dellsupport command.

Change user

  1. Confirm the password for the dellsupport user.

Confirm password

  1. Open /opt/dell/server/local-server/conf/spring-jetty.xml with a text editor using the command sudo nano /opt/dell/server/local-server/conf/spring-jetty.xml.

spring-jetty.xml

  1. Go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and then press Enter to log out of dellsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.

Exit

  1. Restart the server for the changes to take effect.

Dell Compliance Reporter service is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and then press Enter.

Launch Shell

  1. Change the user to dellsupport using the su dellsupport command.

Change user

  1. Confirm the password for the dellsupport user.

Confirm password

  1. Open /opt/dell/server/reporter/conf/eserver.properties with a text editor using the command: sudo nano /opt/dell/server/reporter/conf/eserver.properties.
  2. Go to eserver.ssl.protocols=TLSv1, TLSv1.1, TLSv1.2.

eserver.ssl.protocols

  1. Modify eserver.ssl.protocols=TLSv1, TLSv1.1, TLSv1.2 to read eserver.ssl.protocols=TLSv1.2.

Updated eserver.ssl.protocols

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and then press Enter to log out of dellsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.

Exit

  1. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server Virtual.

Dell Core Server Proxy service is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and then press Enter.

Launch Shell

  1. Change the user to dellsupport using the su dellsupport command.

Change user

  1. Confirm the password for the dellsupport user.

Confirm password

  1. Open /opt/dell/server/core-server-proxy/conf/spring-jetty.xml with a text editor using the command sudo nano /opt/dell/server/core-server-proxy/conf/spring-jetty.xml.

spring-jetty.xml

  1. Go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and then press Enter to return to log out of dellsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.

Exit

  1. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server Virtual.

v9.10.0 to 9.10.1

TLS must be disabled from the Security Server, Identity Server, Compliance Reporter, and Core Server Proxy. For more information, select the appropriate function.

Dell Security Server service is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and then press Enter.

Launch Shell

  1. Change the user to ddpsupport using the su ddpsupport command.

Change user

  1. Confirm the password for the ddpsupport user.

Confirm password

  1. Open /opt/dell/server/security-server/conf/spring-jetty.xml using the command sudo nano /opt/dell/server/security-server/conf/spring-jetty.xml.

spring-jetty.xml

  1. Go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3">.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Go to <bean id="clientAuthContextFactory"...>.

clientAuthContextFactory

  1. Add <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" /> between the <property name="wantClientAuth" value="true" /> and <property name="excludeCipherSuites"> lines.

clientAuthContextFactory

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and then press Enter to log out of ddpsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.

Exit

  1. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server Virtual.

Dell Identity Server service is a mono-based service. Modifying these values requires a restart to the server before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and then press Enter.

Launch Shell

  1. Change the user to ddpsupport using the su ddpsupport command.

Change user

  1. Confirm the password for the ddpsupport user.

Confirm password

  1. Open /opt/dell/server/local-server/conf/spring-jetty.xml with a text editor using the command sudo nano /opt/dell/server/local-server/conf/spring-jetty.xml.

spring-jetty.xml

  1. Go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

excludeProtocols

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and then press Enter to log out of ddpsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.

Exit

  1. Restart the server for the changes to take effect.

Dell Compliance Reporter service is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and then press Enter.

Launch Shell

  1. Change the user to ddpsupport using the su ddpsupport command.

Change user

  1. Confirm the password for the ddpsupport user.

Confirm password

  1. Open /opt/dell/server/reporter/conf/eserver.properties with a text editor using the command sudo nano /opt/dell/server/reporter/conf/eserver.properties.

eserver.properties

  1. Go to eserver.ssl.protocols=TLSv1, TLSv1.1, TLSv1.2.

eserver.ssl.protocols

  1. Modify eserver.ssl.protocols=TLSv1, TLSv1.1, TLSv1.2 to read eserver.ssl.protocols=TLSv1.2.

Updated eserver.ssl.protocols

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and then press Enter to log out of ddpsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.

Exit

  1. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server Virtual.

Dell Core Server Proxy service is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and then press Enter.

Launch Shell

  1. Change the user to ddpsupport using the su ddpsupport command.

Change user

  1. Confirm the password for the ddpsupport user.

Confirm password

  1. Open /opt/dell/server/core-server-proxy/conf/spring-jetty.xml with a text editor using the command sudo nano /opt/dell/server/core-server-proxy/conf/spring-jetty.xml.

spring-jetty.xml

  1. Go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and then press Enter to log out of ddpsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.

Exit

  1. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server Virtual.

Front-End Server

TLS must be disabled from the Security Server Proxy, Device Server, and Core Server Proxy. For more information, select the appropriate function.

Dell Security Server Proxy service is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Open ..\Dell\Enterprise Edition\Security Server Proxy\conf\spring-jetty.xml with a text editor and then go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Save and exit.
  2. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server.

Dell Device Server service is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Open ..\Dell\Enterprise Edition\Device Server\conf\spring-Jetty.xml with a text editor and then go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Save and exit.
  2. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server.

Dell Core Server Proxy service is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Open ..\Dell\Enterprise Edition\Core Server Proxy\conf\spring-jetty.xml with a text editor and then go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Save and exit.
  2. Restart all services.
Note: For more information, reference How to Stop and Start Services in Dell Security Management Server.

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Affected Products

Dell Encryption
Article Properties
Article Number: 000124196
Article Type: Solution
Last Modified: 01 Nov 2023
Version:  19
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.