Cryptzone Support

 
If you wish to submit a support ticket please sign in to your customer portal or use the “submit a ticket” button at the top menu.
If you need to find documentation about our Sheriff Suite please login to the Hive- Click Here

 

Article

SEP Security Patch

« Go Back

Information

 
Article Number000001153
Article

Reference

In the lights of recently disclosed SSLv3 vulnerabilities (more details in regards to POODLE can be found here), Cryptzone’s SEP platform now supports disabling SSLv3 and enforcing TLS protocols.

The TLS1.2 protocol is supported when using the proprietary “sep://” protocol and TLS 1.0 is supported when using “https://” as protocol.

Versions to use for each component providing these capabilities are:

SEP Server and MC 5.0.42 (or later)

SEP Client 5.0.81 (or later)

SEP eCollaboration 5.0.56.0 (or later)

Recommendation

Due to known security issues in SSLv3 all existing customers are advised to upgrade to the latest version and disable SSLv3 protocol.

Upgrade Considerations

After SEP Server upgrade, for backwards compatibility SEP Server will continue to accept SSLv3 protocol, until it is explicitly disabled.

If the SSLv3 is disabled on the server side, SEP Clients, eCollaboration add-on and Secured eUSB drives using older versions will not be able to communicate using “sep://” protocol, however “https://” protocol will continue to work.

For customers with lots of deployed SEP Clients, it is possible to disable SSLv3 after the SEP Clients and Secured eUSB drives are upgraded.

 

Disabling SSLv3 Protocol in SEP Server

SSLv3 protocol can be disabled is the same manner as for the SEP Server. If it’s disabled, SEP Server will only accept TLS 1.2 on “sep://” and TLS 1.0 on “https://” ports.

  1. Upgrade the SEP Server to 5.0.42 (or later)
  2. Stop the SEP Server
  3. Add the following line to configuration.xml file that resides in the SEP Server installation directory:<DisableSslv3>True<DisableSslv3> 
  4. Save the file.
  5. Start the SEP Server

Upgrading Secured eUSB Clients

Secured eUSB drive can be upgraded by plugging in USBs to the computers where the SEP Client (5.0.81 or later) is installed.

 

After upgrading the SEP Client, plug the old Secured eUSB drives into the computer then follow the instructions above.

Related File 
Additional Files 

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255