Enabling TLS 1.2 support in Smart Protection Server

Smart Protection Server3.1 , Smart Protection Server3.3

Last updated: 2022/04/13

Solution ID: KA-0007195

Category: Configure

This article shows the steps when turning on TLS 1.2 support in Standalone Smart Protection Server (SPS).

TLS 1.2 can only be enabled by turning on supported ciphers. Instructions below provide information of TLS 1.2 supported ciphers only.

Customers who adopted this instruction were advised to test compatibility with browsers and applications in staging environment first.

SPS version 3.1 or later is required.

Log in to command shell.
Execute the following command:
vi /etc/lighttpd/lighttpd.conf
Replace "var.ssl-cipher-list" with var.ssl-cipher-list = "TLSv1.2:!eNULL:!aNULL".
Press 'ESC'. Type ":wq!" then press 'Enter' to save the changes and exit vi interface.
Execute the following command:
service lighttpd restart

After applying the changes, SPS web console and Smart Scan will be limited to use TLS 1.2 only.

Known Issues

After applying this solution on SPS, it may display the following error in the SPS Summary page:

Meanwhile, there are corresponding logs viewable in Logs > Reputation Service Log:

This error does not affect the File Reputation Query function. Trend Micro will release a hot fix to address this UI error.

After applying this solution on SPS, Suspicious Object list synchronization fails and the following error message appears:

Was this article helpful?