Du to vulnerabilities in SSL, for example POODLE, Cryptzone has implemented TLS 1.2 on "sep://" connections and TLS 1.0 on "https://" connections from version 18.104.22.168 and newer.
Due to known issues in SSL v3 all existing customers are advised to upgrade to this version (22.214.171.124) or newer.
SEP server: To disable SSL v3 and enforce minimum TLS 1.0:
Upgrade the SEP Server to 5.0.42 (or later)
- Stop the SEP Server.
- Add the following line to configuration.xml file that resides in the SEP Server installation directory:<DisableSslv3>True<DisableSslv3>
- Save the file.
- Start the SEP Server.
After this change, SEP Clients older than 5.0.81 will not be able to connect using sep:// protocol. However the https:// protocol will continue to work.
SEP Clients v 5.0.81 or newer can use both sep:// and https:// protocols, while talking to a SEP Server with min TLS 1.0 enforcement.
How to upgrade Secured eUSB clients
Once the SEP client is upgraded, all Secured eUSBs should be upgraded to the latest version to support TLS.
1. Make sure your client is the latest version and that it has the correct policy and the correct protocols and adress to the correct SEP-Server, have a look at this FAQ for guidance.
2. Insert the existing Secured eUSB and right click and select upgrade.
3. click OK once the process is done.