Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Steven_Lucas
Participant

Checkpoint R80.30 Smart Endpoint Agent Connections still allows inbound TLS 1.0 connections.

Jump to solution

Checkpoint R80.30 Smart Endpoint Agent Connections still allows inbound TLS 1.0 connections. I tried Cipher_util, but this appears to not work on gateways that are endpoint agent servers. 

0 Kudos
1 Solution

Accepted Solutions
Steven_Lucas
Participant

Ended up following these steps: 

 

TLSv1.2 Support
By default, the Endpoint Security servers in this release support TLSv1.2 and TLSv1 for
communication between clients and servers.
To configure servers to support TLSv1.2 only:
1. On each Endpoint Security server, open $UEPMDIR/apache/conf/ssl.conf.
2. Run: cpstop
3. Change the attribute SSLProtocol +TLSv1 +TLSv1.2 to: SSLProtocol TLSv1.2
4. Save changes.
5. Run: cpstart

View solution in original post

0 Kudos
2 Replies
_Val_
Admin
Admin

Please raise a TAC case for this.

Steven_Lucas
Participant

Ended up following these steps: 

 

TLSv1.2 Support
By default, the Endpoint Security servers in this release support TLSv1.2 and TLSv1 for
communication between clients and servers.
To configure servers to support TLSv1.2 only:
1. On each Endpoint Security server, open $UEPMDIR/apache/conf/ssl.conf.
2. Run: cpstop
3. Change the attribute SSLProtocol +TLSv1 +TLSv1.2 to: SSLProtocol TLSv1.2
4. Save changes.
5. Run: cpstart

View solution in original post

0 Kudos