The Deep Security Manager console supports both strong and weak ciphers, but some customers require using only the strong ciphers.
This article explains how you can remove support for the ciphers that are not allowed in your network.
You can control which ciphers the DSM console should support by modifying the configuration.properties file. Do the following:
- From the DSM server, open the C:\Program Files\Trend Micro\Deep Security Manager\configuration.properties file.
- Add the following line:
ciphers=SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA - Remove the ones that you do not want to support.
- Save and close the file.
- Restart the Trend Micro Deep Security Manager service.