topic Checkpoint R80.30 Smart Endpoint Agent Connections still allows inbound TLS 1.0 connections. in Endpoint

Checkpoint R80.30 Smart Endpoint Agent Connections still allows inbound TLS 1.0 connections.

Steven_Lucas — Tue, 22 Sep 2020 12:24:06 GMT

Checkpoint R80.30 Smart Endpoint Agent Connections still allows inbound TLS 1.0 connections. I tried Cipher_util, but this appears to not work on gateways that are endpoint agent servers.

Re: Checkpoint R80.30 Smart Endpoint Agent Connections still allows inbound TLS 1.0 connections.

_Val_ — Thu, 24 Sep 2020 14:25:10 GMT

Please raise a TAC case for this.

Re: Checkpoint R80.30 Smart Endpoint Agent Connections still allows inbound TLS 1.0 connections.

Steven_Lucas — Thu, 24 Sep 2020 15:14:37 GMT

Ended up following these steps:

TLSv1.2 Support
By default, the Endpoint Security servers in this release support TLSv1.2 and TLSv1 for
communication between clients and servers.
To configure servers to support TLSv1.2 only:
1. On each Endpoint Security server, open $UEPMDIR/apache/conf/ssl.conf.
2. Run: cpstop
3. Change the attribute SSLProtocol +TLSv1 +TLSv1.2 to: SSLProtocol TLSv1.2
4. Save changes.
5. Run: cpstart