Controlling ciphers that the Deep Security Manager (DSM) console uses

Deep Security10.2 , Deep Security10.1 , Deep Security10.0 , Deep Security10.3

Last updated: 2021/08/28

Solution ID: KA-0001611

Category: Configure

The Deep Security Manager console supports both strong and weak ciphers, but some customers require using only the strong ciphers.

This article explains how you can remove support for the ciphers that are not allowed in your network.

You can control which ciphers the DSM console should support by modifying the configuration.properties file. Do the following:

From the DSM server, open the C:\Program Files\Trend Micro\Deep Security Manager\configuration.properties file.
Add the following line:
ciphers=SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
Remove the ones that you do not want to support.
Save and close the file.
Restart the Trend Micro Deep Security Manager service.

Was this article helpful?