Configuring Cloud One Workload Security to use TLS 1.2

    • Updated:
    • 20 Jan 2021
    • Product/Version:
    • Cloud One - Workload Security All
    • Deep Security As A Service
    • Platform:
    • CentOS 6 32-bit
    • CentOS 6 64-bit
    • Linux - Red Hat RHEL 5 32-bit
    • Linux - Red Hat RHEL 5 64-bit
    • Linux - Red Hat RHEL 6 32-bit
    • Linux - Red Hat RHEL 6 64-bit
    • Linux - SuSE 10 64-bit
    • Linux - SuSE 11
    • Linux - SuSE 11 64-bit
    • Ubuntu 10.04 64-bit
    • Ubuntu 12.04 64-bit
    • Windows 2003 Enterprise
    • Windows 2003 Enterprise 64-bit
    • Windows 2003 Server R2
    • Windows 2008 Server R2
    • Windows 2008 Server R2 with Hyper-V(TM)
    • Windows 7 32-Bit
    • Windows 7 64-Bit
    • Windows 8 32-Bit
    • Windows 8 64-Bit
    • Windows Vista 32-bit
    • Windows Vista 64-bit
    • Windows XP Professional
    • Windows XP Professional 64-bit
Summary
In 2015, the Payment Card Industry Security Standards Council (PCI SSC) extended the migration completion date to 30 June 2018 for transitioning from SSL and TLS 1.0 to a secure version of TLS. Many enterprises, in response to public exploits such as POODLE, have already started and completed this migration. For others, the June 30, 2018 deadline will be the event that drives completion of the migration across all solution components.
 
For PCI compliant customers, visibility of this requirement will be primarily evident through vulnerability scanning of their cardholder data environment.
 
The configuration guidance in this article is not limited to customers deploying Cloud One Workload Security in PCI compliant environments. The recommendations discussed below can be applied to any deployment to improve the overall security of that deployment.
 
 
Deep Security customers who deploy Deep Security as Software (on premise) should refer to https://success.trendmicro.com/solution/1119343 for more information.
 
Details
Because Cloud One Workload Security is managed and operated by Trend Micro, using it in PCI compliant environments is simpler than the steps customers must take to use a Deep Security software (on premise) deployment in a PCI compliant environment (Solution Article 1119343).
 
The configuration outlined below defines the steps that any Cloud One Workload Security customer can use to set the minimum TLS version used in their deployment to TLS 1.2.
 
 
Support for TLS 1.0 was discontinued on cloudone.trendmicro.com on June 1, 2018.
 
 
To improve the overall security posture of Cloud One Workload Security, support for TLS 1.0 will be discontinued on cloudone.trendmicro.com on June 1, 2018.
 
To avoid impact to your deployment on June 1st when TLS 1.0 is disabled on cloudone.trendmicro.com, you must ensure that:
  1. All web administration access to Cloud One Workload Security uses a web browser that supports TLS 1.2 or later
  2. Any REST or SOAP applications that use the HTTPS interface to Cloud One Workload Security support TLS 1.2 or later
  3. If you have deployed your own relays, they are using Deep Security Agent software version 10.0 Software Update 8 or later
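
A client-side check for requirement 2, added here as an example and not taken from the original article or from Trend Micro code: it builds a Python TLS context that refuses anything below TLS 1.2 and reports what an endpoint negotiates. The function names are hypothetical; the hostname is the one named in this article.

```python
import socket
import ssl


def tls12_client_context() -> ssl.SSLContext:
    """Client context with certificate checks on and TLS 1.2 as the floor."""
    if not ssl.HAS_TLSv1_2:
        # The local OpenSSL build is too old for this requirement.
        raise RuntimeError("local TLS library has no TLS 1.2 support")
    ctx = ssl.create_default_context()            # verifies chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # no fallback to TLS 1.0/1.1
    return ctx


def check_endpoint(host: str, port: int = 443, timeout: float = 10.0):
    """Return (ok, detail). ok is True only if TLS 1.2 or later was negotiated."""
    try:
        ctx = tls12_client_context()
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.version()        # e.g. "TLSv1.2" or "TLSv1.3"
    except ssl.SSLError as exc:
        # Handshake refused: the peer offered only older versions, or the
        # certificate did not validate. Either way the client did not downgrade.
        return False, f"TLS handshake failed: {exc}"
    except (OSError, RuntimeError) as exc:
        return False, f"could not test: {exc}"


if __name__ == "__main__":
    ok, detail = check_endpoint("cloudone.trendmicro.com")
    print("PASS" if ok else "FAIL", detail)
```

Reusing `tls12_client_context()` for the application's real HTTPS connections applies the same floor to production traffic, not just to the check.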
 

Updated agents to prevent fallback to TLS 1.0

 
With Deep Security 10.0 Software Upgrade 11 (May 2018) or later agents, the logic that allows agents to fall back from TLS 1.2 to TLS 1.0 will be removed. This will ensure that if Deep Security 10.0 Software Update 10 or later agents are deployed, they are not at risk of man-in-the-middle downgrade attacks.
 

Deep Security 9.6 Agent Life Cycle

 
Cloud One Workload Security will continue to support Deep Security 9.6 agents (which use TLS 1.0) for backward compatibility with customers that are not using Deep Security in PCI compliant environments. 
Category:
Configure
Solution Id:
1119450