If you are running Secure Email Gateway (SEG) on older versions of Unified Access Gateway (UAG) and have an issue where running a security scan shows TLS v1.0/1.1 as enabled, then you should follow the steps below to remediate this risk. Also, refer the Techzone Article for updated information.
In order to disable/update the TLS and the ciphers for SEG, you’d have to manually edit the config file and then restart the machine in order for it to take effect. By default, only TLS v1.2 and TLS v1.1 are enabled for Secure Email Gateway.
2. Edit the config file
1. Login to the Unified Access Gateway (UAG) appliance as root
2. Navigate to the following location: /opt/vmware/docker/seg/container/config and look for “seg-jvm-args.conf”
3. Edit the file and make necessary changes as shown below. (press “I” to insert a value and “:wq!” to write and quit)
4. Restart the server using the command: reboot -f
Run a scan at https://www.ssllabs.com/ssltest/ and check the result.