Preskočiť na hlavný obsah
  • Zadávajte objednávky rýchlo a jednoducho
  • Pozrite si svoje objednávky a sledujte priebeh doručenia
  • Vytvorte si zoznam svojich produktov a majte ho vždy poruke

How to Disable TLS 1.0 and TLS 1.1 on Dell Security Management Server and Dell Security Management Server Virtual

Zhrnutie: TLS 1.0 and TLS 1.1 can be disabled on Dell Security Management Server and Dell Security Management Server Virtual by following these instructions.

Tento článok sa vzťahuje na Tento článok sa nevzťahuje na Tento článok nie je viazaný na žiadny konkrétny produkt. V tomto článku nie sú uvedené všetky verzie produktov.

Symptómy

To ensure the security of communication to and from a Dell Security Management Server or Dell Security Management Server Virtual, it may be necessary to disable TLS 1.0 and TLS 1.1 for compliance with internal security requirements.


Affected Products:

  • Dell Security Management Server
  • Dell Security Management Server Virtual

Affected Versions:

  • v9.10.0 and Later

Affected Operating Systems:

  • Windows
  • Linux

Príčina

Not applicable

Riešenie

In order to disable TLS 1.0 and TLS 1.1, Dell Data Security products must meet a minimum version requirement:

Product Minimum Version to Disable TLS 1.0 and TLS 1.1
Dell Security Management Server 9.10
Dell Security Management Server Virtual 9.10
Preboot Authentication 8.16
CMG Administrative Utilities 8.16
Windows Shield 8.16
Windows Advanced Threat Prevention 1420
Client Security Framework 8.16
Windows Dell Data Guardian 1.3
iOS Dell Data Guardian 1.5
Android Dell Data Guardian 1.5 (1.6 for KitKat)
Dell Data Guardian Portal 1.3
Mac Dell Data Guardian 1.5
Mac Shield 8.17
Mac Advanced Threat Prevention 1.5
Linux Advanced Threat Prevention 1.0

For more information about disabling TLS, select either Dell Security Management Server, Dell Security Management Server Virtual, or the Front-End Server.

Dell Security Management Server

The process to disable TLS differs between versions. Select either version 11.3.0 and Later or versions 9.10.0 to 11.2.0 for specific steps. For versioning information, reference How to Identify the Dell Data Security / Dell Data Protection Server Version.

v11.3.0 and Later

TLS must be disabled from the Security Server, Device Server, and Core Server. For more information, select the appropriate function.

Dell Security Server is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Open ..\Dell\Enterprise Edition\Security Server\conf\spring-jetty.xml with a text editor and then go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Go to <bean id="clientAuthContextFactory"...>.

clientAuthContextFactory

  1. Add <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" /> between the <property name="wantClientAuth" value="true" /> and <property name="excludeCipherSuites"> lines.

excludeProtocols

  1. Save and exit.
  2. Restart all services.

Dell Device Server is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Open ..\Dell\Enterprise Edition\Device Server\conf\spring-jetty.xml with a text editor and then go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

Updated excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Save and exit.
  2. Restart all services.

Dell Core Server service is a Microsoft .NET Framework based service. Modifying these settings also affects any other .NET Framework services that are hosted on this server and changes the core connectivity options for the operating system as a whole.

Note: For Core Server changes to take effect the host must be rebooted.
  1. Right-click the Windows Start Menu and then select Run.

Run

  1. In the Run UI, type regedit and then press OK. This opens the Registry Editor.

Run UI

  1. Go to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols].

Registry Editor

  1. Right-click protocols and then select New > Key.

New Key

  1. Name the new key TLS 1.0. Repeat the process to create a second key that is named TLS 1.1 and a third that is named TLS 1.2.

New keys

  1. Right-click the TLS 1.0 key and then select New > Key.

New Key

  1. Name the new key Client.

Client

  1. Repeat Steps 6 and 7 to create a Client and Server key for TLS 1.0, TLS 1.1, and TLS 1.2.

New keys

  1. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD Enabled and then set the value to 0.

DWORD settings

  1. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD Enabled and then set the value to 0.

DWORD settings

  1. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD DisabledByDefault and then set the value to 0.

DWORD settings

  1. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD Enabled and then set the value to 1.

DWORD settings

  1. Open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD SchUseStrongCrypto and then set the value to 1.

DWORD settings

Note: SchUseStrongCrypto forces all .NET Framework applications to use strong cryptographic functions when they make TLS calls. For more information, reference https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#schusestrongcrypto This hyperlink is taking you to a website outside of Dell Technologies..
  1. Open HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD SchUseStrongCrypto and then set the value to 1.

DWORD settings

  1. Restart the server for the changes to take effect.

v9.10.0 to 11.2.0

TLS must be disabled from the Security Server, Device Server, Compliance Reporter, and Core Server. For more information, select the appropriate function.

Dell Security Server is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Open ..\Dell\Enterprise Edition\Security Server\conf\spring-jetty.xml with a text editor and then go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Go to <bean id="clientAuthContextFactory"...>.

clientAuthContextFactory

  1. Add <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" /> between the <property name="wantClientAuth" value="true" /> and <property name="excludeCipherSuites"> lines.

excludeProtocols

  1. Save and exit.
  2. Restart all services.

Dell Device Server is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Open ..\Dell\Enterprise Edition\Device Server\conf\spring-jetty.xml with a text editor and then go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Save and exit.
  2. Restart all services.

Dell Compliance Reporter is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Open ..\Dell\Enterprise Edition\Compliance Reporter\conf\eserver.properties with a text editor and then go to eserver.ssl.protocols=TLSv1, TLSv1.1, TLSv1.2.

eserver.ssl.protocols

  1. Modify eserver.ssl.protocols=TLSv1, TLSv1.1, TLSv1.2 to eserver.ssl.protocols=TLSv1.2.

Updated eserver.ssl.protocols

  1. Save and exit.
  2. Restart all services.

Dell Core Server service is a Microsoft .NET Framework based service. Modifying these settings also affects any other .NET Framework services that are hosted on this server and changes the core connectivity options for the operating system as a whole.

Note: For Core Server changes to take effect the host must be rebooted.
  1. Right-click the Windows Start Menu and then select Run.

Run

  1. In the Run UI, type regedit and then press OK. This opens the Registry Editor.

Run UI

  1. Go to [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols].

Registry Editor

  1. Right-click protocols and then select New > Key.

New Key

  1. Name the new key TLS 1.0. Repeat the process to create a second key that is named TLS 1.1 and a third that is named TLS 1.2.

New keys

  1. Right-click the TLS 1.0 key and then select New > Key.

New Key

  1. Name the new key Client.

Client

  1. Repeat Steps 6 and 7 to create a Client and Server key for TLS 1.0, TLS 1.1, and TLS 1.2.

New keys

  1. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD Enabled and then set the value to 0.

DWORD settings

  1. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD Enabled and then set the value to 0.

DWORD settings

  1. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD DisabledByDefault and then set the value to 0.

DWORD settings

  1. Open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD Enabled and then set the value to 1.

DWORD settings

  1. Open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD SchUseStrongCrypto and then set the value to 1.

DWORD settings

Note: SchUseStrongCrypto forces all .NET Framework applications to use strong cryptographic functions when they make TLS calls. For more information, reference https://docs.microsoft.com/en-us/dotnet/framework/network-programming/tls#schusestrongcrypto This hyperlink is taking you to a website outside of Dell Technologies..
  1. Open HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319. Right-click the right pane and then select New > DWORD (32-bit) value.

New DWORD

  1. Name the new DWORD SchUseStrongCrypto and then set the value to 1.

DWORD settings

  1. Restart the server for the changes to take effect.

Dell Security Management Server Virtual

The process to disable TLS differs between versions. Select either version 11.3.0 and Later, versions 9.11.0 to 11.2.0, or versions 9.10.0 to 9.10.1 for specific steps. For versioning information, reference How to Identify the Dell Data Security / Dell Data Protection Server Version.

v11.3.0 and Later

TLS must be disabled from the Security Server, Identity Server, and Core Server Proxy. For more information, select the appropriate function.

Dell Security Server is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and the press Enter.

Launch Shell

  1. Change the user to dellsupport using the su dellsupport command.

Change user

  1. Confirm the password for the dellsupport user.

Confirm password

  1. Open /opt/dell/server/security-server/conf/spring-jetty.xml using the command sudo nano /opt/dell/server/security-server/conf/spring-jetty.xml.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Go to <bean id="clientAuthContextFactory"...>.

clientAuthContextFactory

  1. Add <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" /> between the <property name="wantClientAuth" value="true" /> and <property name="excludeCipherSuites"> lines.

Updated clientAuthContextFactory

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and press Enter to log out of dellsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.
Exit
  1. Restart all services.

Dell Identity Server service is a mono-based service. Modifying these values requires a restart to the server before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and then press Enter.

Launch Shell

  1. Change the user to dellsupport using the su dellsupport command.

Change user

  1. Confirm the password for the dellsupport user.

Confirm password

  1. Open /opt/dell/server/local-server/conf/spring-jetty.xml with a text editor using the command sudo nano /opt/dell/server/local-server/conf/spring-jetty.xml.

spring-jetty.xml

  1. Go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and then press Enter to log out of dellsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.

Exit

  1. Restart the server for the changes to take effect.

Dell Core Server Proxy service is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and then press Enter.

Launch Shell

  1. Change the user to dellsupport using the su dellsupport command.

Change user

  1. Confirm the password for the dellsupport user.

Confirm password

  1. Open /opt/dell/server/core-server-proxy/conf/spring-jetty.xml with a text editor using the command sudo nano /opt/dell/server/core-server-proxy/conf/spring-jetty.xml.

spring-jetty.xml

  1. Go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and then press Enter to return to log out of dellsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.

Exit

  1. Restart all services.

v9.11.0 to 11.2.0

TLS must be disabled from the Security Server, Identity Server, Compliance Reporter, and Core Server Proxy. For more information, select the appropriate function.

Dell Security Server is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and the press Enter.

Launch Shell

  1. Change the user to dellsupport using the su dellsupport command.

Change user

  1. Confirm the password for the dellsupport user.

Confirm password

  1. Open /opt/dell/server/security-server/conf/spring-jetty.xml using the command sudo nano /opt/dell/server/security-server/conf/spring-jetty.xml.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Go to <bean id="clientAuthContextFactory"...>.

clientAuthContextFactory

  1. Add <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" /> between the <property name="wantClientAuth" value="true" /> and <property name="excludeCipherSuites"> lines.

Updated clientAuthContextFactory

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and press Enter to log out of dellsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.
Exit
  1. Restart all services.

Dell Identity Server service is a mono-based service. Modifying these values requires a restart to the server before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and then press Enter.

Launch Shell

  1. Change the user to dellsupport using the su dellsupport command.

Change user

  1. Confirm the password for the dellsupport user.

Confirm password

  1. Open /opt/dell/server/local-server/conf/spring-jetty.xml with a text editor using the command sudo nano /opt/dell/server/local-server/conf/spring-jetty.xml.

spring-jetty.xml

  1. Go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and then press Enter to log out of dellsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.

Exit

  1. Restart the server for the changes to take effect.

Dell Compliance Reporter service is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and then press Enter.

Launch Shell

  1. Change the user to dellsupport using the su dellsupport command.

Change user

  1. Confirm the password for the dellsupport user.

Confirm password

  1. Open /opt/dell/server/reporter/conf/eserver.properties with a text editor using the command: sudo nano /opt/dell/server/reporter/conf/eserver.properties.
  2. Go to eserver.ssl.protocols=TLSv1, TLSv1.1, TLSv1.2.

eserver.ssl.protocols

  1. Modify eserver.ssl.protocols=TLSv1, TLSv1.1, TLSv1.2 to read eserver.ssl.protocols=TLSv1.2.

Updated eserver.ssl.protocols

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and then press Enter to log out of dellsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.

Exit

  1. Restart all services.

Dell Core Server Proxy service is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and then press Enter.

Launch Shell

  1. Change the user to dellsupport using the su dellsupport command.

Change user

  1. Confirm the password for the dellsupport user.

Confirm password

  1. Open /opt/dell/server/core-server-proxy/conf/spring-jetty.xml with a text editor using the command sudo nano /opt/dell/server/core-server-proxy/conf/spring-jetty.xml.

spring-jetty.xml

  1. Go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and then press Enter to return to log out of dellsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.

Exit

  1. Restart all services.

v9.10.0 to 9.10.1

TLS must be disabled from the Security Server, Identity Server, Compliance Reporter, and Core Server Proxy. For more information, select the appropriate function.

Dell Security Server service is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and then press Enter.

Launch Shell

  1. Change the user to ddpsupport using the su ddpsupport command.

Change user

  1. Confirm the password for the ddpsupport user.

Confirm password

  1. Open /opt/dell/server/security-server/conf/spring-jetty.xml using the command sudo nano /opt/dell/server/security-server/conf/spring-jetty.xml.

spring-jetty.xml

  1. Go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3">.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Go to <bean id="clientAuthContextFactory"...>.

clientAuthContextFactory

  1. Add <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" /> between the <property name="wantClientAuth" value="true" /> and <property name="excludeCipherSuites"> lines.

clientAuthContextFactory

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and then press Enter to log out of ddpsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.

Exit

  1. Restart all services.

Dell Identity Server service is a mono-based service. Modifying these values requires a restart to the server before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and then press Enter.

Launch Shell

  1. Change the user to ddpsupport using the su ddpsupport command.

Change user

  1. Confirm the password for the ddpsupport user.

Confirm password

  1. Open /opt/dell/server/local-server/conf/spring-jetty.xml with a text editor using the command sudo nano /opt/dell/server/local-server/conf/spring-jetty.xml.

spring-jetty.xml

  1. Go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

excludeProtocols

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and then press Enter to log out of ddpsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.

Exit

  1. Restart the server for the changes to take effect.

Dell Compliance Reporter service is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and then press Enter.

Launch Shell

  1. Change the user to ddpsupport using the su ddpsupport command.

Change user

  1. Confirm the password for the ddpsupport user.

Confirm password

  1. Open /opt/dell/server/reporter/conf/eserver.properties with a text editor using the command sudo nano /opt/dell/server/reporter/conf/eserver.properties.

eserver.properties

  1. Go to eserver.ssl.protocols=TLSv1, TLSv1.1, TLSv1.2.

eserver.ssl.protocols

  1. Modify eserver.ssl.protocols=TLSv1, TLSv1.1, TLSv1.2 to read eserver.ssl.protocols=TLSv1.2.

Updated eserver.ssl.protocols

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and then press Enter to log out of ddpsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.

Exit

  1. Restart all services.

Dell Core Server Proxy service is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Log in to the Dell Security Management Server Virtual administration console.
Note:
  • The default credentials for Dell Security Management Server Virtual are:
    • Username: delluser
    • Password: delluser
  • An administrator can change the default password within the product’s virtual appliance menu.
  1. From the Main Menu, select Launch Shell and then press Enter.

Launch Shell

  1. Change the user to ddpsupport using the su ddpsupport command.

Change user

  1. Confirm the password for the ddpsupport user.

Confirm password

  1. Open /opt/dell/server/core-server-proxy/conf/spring-jetty.xml with a text editor using the command sudo nano /opt/dell/server/core-server-proxy/conf/spring-jetty.xml.

spring-jetty.xml

  1. Go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Press CTRL + X to exit.

Exit

  1. Press Y to save the changes and then press Enter to confirm the file name.

Save

  1. Type exit and then press Enter to log out of ddpsupport.

Exit

  1. Type exit and then press Enter to log out of the shell to the Main Menu.

Exit

  1. Restart all services.

Front-End Server

TLS must be disabled from the Security Server Proxy, Device Server, and Core Server Proxy. For more information, select the appropriate function.

Dell Security Server Proxy service is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Open ..\Dell\Enterprise Edition\Security Server Proxy\conf\spring-jetty.xml with a text editor and then go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Save and exit.
  2. Restart all services.

Dell Device Server service is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Open ..\Dell\Enterprise Edition\Device Server\conf\spring-Jetty.xml with a text editor and then go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Save and exit.
  2. Restart all services.

Dell Core Server Proxy service is a Java-based service. Modifying these values requires a restart to the service before the changes take effect.

  1. Open ..\Dell\Enterprise Edition\Core Server Proxy\conf\spring-jetty.xml with a text editor and then go to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" />.

excludeProtocols

  1. Alter <property name="excludeProtocols" value="SSL,SSLv2,SSLv3" /> to <property name="excludeProtocols" value="SSL,SSLv2,SSLv3,TLSv1,TLSv1.1" />.

Updated excludeProtocols

  1. Save and exit.
  2. Restart all services.

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Dotknuté produkty

Dell Encryption
Vlastnosti článku
Číslo článku: 000124196
Typ článku: Solution
Dátum poslednej úpravy: 01 nov 2023
Verzia:  19
Nájdite odpovede na svoje otázky od ostatných používateľov spoločnosti Dell
Služby podpory
Skontrolujte, či sa na vaše zariadenie vzťahujú služby podpory.