In the lights of recently disclosed SSLv3 vulnerabilities (more details in regards to POODLE can be found here), Cryptzone’s SEP platform now supports disabling SSLv3 and enforcing TLS protocols.
The TLS1.2 protocol is supported when using the proprietary “sep://” protocol and TLS 1.0 is supported when using “https://” as protocol.
Versions to use for each component providing these capabilities are:
SEP Server and MC 5.0.42 (or later)
SEP Client 5.0.81 (or later)
SEP eCollaboration 188.8.131.52 (or later)
Due to known security issues in SSLv3 all existing customers are advised to upgrade to the latest version and disable SSLv3 protocol.
After SEP Server upgrade, for backwards compatibility SEP Server will continue to accept SSLv3 protocol, until it is explicitly disabled.
If the SSLv3 is disabled on the server side, SEP Clients, eCollaboration add-on and Secured eUSB drives using older versions will not be able to communicate using “sep://” protocol, however “https://” protocol will continue to work.
For customers with lots of deployed SEP Clients, it is possible to disable SSLv3 after the SEP Clients and Secured eUSB drives are upgraded.
Disabling SSLv3 Protocol in SEP Server
SSLv3 protocol can be disabled is the same manner as for the SEP Server. If it’s disabled, SEP Server will only accept TLS 1.2 on “sep://” and TLS 1.0 on “https://” ports.
- Upgrade the SEP Server to 5.0.42 (or later)
- Stop the SEP Server
- Add the following line to configuration.xml file that resides in the SEP Server installation directory:<DisableSslv3>True<DisableSslv3>
- Save the file.
- Start the SEP Server
Upgrading Secured eUSB Clients
Secured eUSB drive can be upgraded by plugging in USBs to the computers where the SEP Client (5.0.81 or later) is installed.
After upgrading the SEP Client, plug the old Secured eUSB drives into the computer then follow the instructions above.