Connectivity issues experienced with OpenJRE 1.8.0_352 and later

Data Loss Prevention

28 more products

21189

07 March 2024

26 January 2023

LAST UPDATE: March 7, 2024: Corrected .conf file name references and clarified that issues with Enforce to Azure syncing occurs when FIPS is enabled.

Problem Statement

The following table lists issues you may experience when using OpenJRE 1.8.0_352 and later.

Issue

Description

Workaround

The News and Alerts page displays outdated information (with Symantec Data Loss Prevention version 16.0). 

The update fails because the API gateway does not accept TLS 1.3, which is enabled by default with OpenJRE 1.8.0_352.

See Update the SymantecDLPManager.conf File.

The TLS connectivity to the MTA fails for Network Prevent for Email (with Symantec Data Loss Prevention version 15.8 or 16.0).

The failure occurs because OpenJRE 1.8.0_352 enables TLS 1.3 by default, and Symantec Data Loss Prevention version 15.8 and 16.0 only support TLS 1.2.

See Update the SymantecDLPDetectionServer.conf File.

The Enforce Server does not sync labels from Microsoft Information Protection (Azure Purview) when FIPS is enabled (with Symantec Data Loss Prevention version 15.8 and 16.0)

The update fails because the API gateway does not accept TLS 1.3, which is enabled by default with OpenJRE 1.8.0_352.

See Update the SymantecDLPManager.conf File.

Workaround

If you have completed these steps and have upgraded to a later version of OpenJRE, you do not need to complete them again.

Update the SymantecDLPManager.conf File

Complete the following steps to prompt OpenJRE 1.8.0_352 and later to use TLS 1.2:

  1. Locate SymantecDLPManager.conf on the Enforce Server server at the following location (based on your platform)
    • Windows: \Program Files\Symantec\DataLossPrevention\EnforceServer\Services
    • Linux: /opt/Symantec/DataLossPrevention/EnforceServer/Services
  2. Locate the line
    wrapper.java.additional.202 = -Djava.security.properties=../config/java.security
  3. Add the following line below the line listed in step #2:
    wrapper.java.additional.203 = -Djdk.tls.client.protocols="TLSv1.2"
    Note: The number 203 is an example, and if already in use, enter any unused number of higher value. 
  4. Save your changes.
  5. Restart the Enforce Server.

Update the SymantecDLPDetectionServer.conf File

Complete the following steps to prompt OpenJRE 1.8.0_352 to use TLS 1.2:

  1. Locate SymantecDLPDetectionServer.conf on the Network Prevent for Email server at the following location (based on your platform):
    • Windows: \Program Files\Symantec\DataLossPrevention\DetectionServer\Services
    • Linux: /opt/Symantec/DataLossPrevention/DetectionServer/Services
  2. Locate the line
    wrapper.java.additional.202 = -Djava.security.properties=../config/java.security
  3. Add the following line below the line listed in step #2:
    wrapper.java.additional.210 = -Djdk.tls.client.protocols="TLSv1.2"
    Note: The number 210 is an example, and if already in use, enter any unused number of higher value. 
  4. Save your changes.
  5. Restart the detection server.