By default, the Deep Security Manager console uses the following protocols to communicate with port 4199:
- TSLv1
- TLSv1.1
- TLSv1.2
- SSLv2Hello
With Deep Security Manager 9.6 Patch 1 and later versions, you can select the protocol type for DSM console. It enhances the Deep Security Manager's capability to use only a specific protocol, if required.
To change the protocol type:
- Stop the Deep Security Manager Service.
- Open the configuration.properties file under C:\ProgramFiles\TrendMicro\DeepSecurityManager.
- Add the following entry at the end of file and save it:
protocols=TLSv1.2
You can define more than one protocol by separating them with commas. For example, protocols=TLSv1,TLSv1.1,TLSv1.2 - Start the Deep Security Manager Service.
- Use the OpenSSL s_client command below to verify the protocol on the Deep Security Manager's web console port 4119:
OpenSSL> s_client -connect Deep_Security_Manager_IP_Address:4119
The SSL-Session section should show the protocol you defined in the configuration.properties file.