Disabling TLS v1.1 for Secure Email Gateway (SEG) on Unified Access Gateway (UAG)

1. Introduction

If you are running Secure Email Gateway (SEG) on older versions of Unified Access Gateway (UAG) and have an issue where running a security scan shows TLS v1.0/1.1 as enabled, then you should follow the steps below to remediate this risk. Also, refer the Techzone Article for updated information.

In order to disable/update the TLS and the ciphers for SEG, you’d have to manually edit the config file and then restart the machine in order for it to take effect.  By default, only TLS v1.2 and TLS v1.1 are enabled for Secure Email Gateway.

2. Edit the config file

1. Login to the Unified Access Gateway (UAG) appliance as root

2. Navigate to the following location: /opt/vmware/docker/seg/container/config and look for “seg-jvm-args.conf”

3. Edit the file and make necessary changes as shown below. (press “I” to insert a value and “:wq!” to write and quit)

Image of a UAG machine
Image Courtesy: VMware Techzone article

4. Restart the server using the command: reboot -f

3. Conclusion

Run a scan at https://www.ssllabs.com/ssltest/ and check the result.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: