Download Symantec Encryption Management Server 3.4.2 MP2

Symantec has in the past acquired two different companies that developed encryption software, namely GuardianEdge and PGP. The software from these two acquisitions has long been released as two different encryption product lines by Symantec, the GuardianEdge line was renamed to Endpoint Encryption, and the PGP line was renamed to Encryption Desktop along with Encryption Management Server. To an outsider, it’s confusing that one company released two different encryption products that competed and couldn’t work with each other. There is with the release of Endpoint Encryption 11 largely came to an end in 2014. Since there is no easy way to upgrade from SED and SEMS to SEE, maintenance packs are still being released for the old PGP line. The developers have released Symantec Encryption Management Server 3.4.2 MP2 with the following changes:

What’s changed in this release

• TLS 1.0 is disabled by default; TLS 1.2 is the default protocol for client-to-server communication
• Added CAPTCHA on the Symantec Encryption Web Email Protection logon page

resolved issues

• Symantec Encryption Management Server
  • A group that is created with a name that includes accented characters is now displayed correctly. [4175104]
  • Symantec Encryption Management Server is updated to use Content-Security-Policy and Strict-Transport-Security in the response header. [4202453]
  • When Symantec Encryption Management Server does not load properly, the HTTP Status 500 error message is now displayed without any other details.[4212611]
  • The pgpsysconf –helptext for the –restartall command is updated to exclude httpd. The httpd service does not restart when the –restartall command is run.[4189866]
  • When Symantec Encryption Management Server is unable to connect to an LDAP server, the warning message that is generated in the log files now includes the LDAP servername.[4166991]
  • Symantec Encryption Management Server is now updated to prevent any redirection to other web pages when administrators open the Online Help. [4193506]
  • Updated Symantec Encryption Management Server to prevent vulnerability scanners from providing false alerts on use of weak ciphers on the SSH port. [4001689]
  • Updated Symantec Encryption Management Server to set X-Content-Type-Options to nosniff to protect against MIME sniffing. [4119764]
  • Symantec Encryption Management Server no longer supports weak ciphers for communication.[4201920]
  • Updated Symantec Encryption Management Server to fully use the Cache-Control header.[4184785]
  • In response to the security vulnerabilities, CVE-2018-11784, CVE-2018-8034, CVE-2018-8014, CVE-2018-1336, CVE-2018-1305, and CVE-2018-1304, updated the Apache Tomcat package.[4209895][4209896][4201353]
  • In response to the security vulnerabilities, CVE-2018-7489 and CVE-2018-18066, updated the Jackson Databind package.[4216834]
  • The security vulnerability, CVE-2018-16509, does not affect Symantec Encryption Management Server. However, updated the ghost script package for greater security.[4221098]
  • In response to the security vulnerabilities, CVE-2018-14721 and CVE-2018-1000873, updated the Faster XML Jackson Databind package.[4221856]
  • The Red Hat security vulnerabilities, CVE-2018-10901, CVE-2018-3620, CVE-2018-3646, CVE-2018-3693, CVE-2018-7566, CVE-2017-15265, and CVE-2018-1000004, does not affect Symantec Encryption Management Server. However, updated the Kernel package for enhanced security. [4204121]
  • In response to the security vulnerability, CVE-2018-11212, updated the JDK packages.[4221927]
  • The security vulnerability, CVE-2018-12327, does not affect Symantec Encryption Management Server. However, updated the NTP packages for greater security. [4221096]
  • The security vulnerabilities, CVE-2019-2422, CVE-2019-2426, CVE-2019-2449, CVE-2019-2540, CVE-2018-14048, CVE-2018-13785, CVE-2018-3183, CVE-2018- 3180, CVE-2018-3214, and CVE-2018-3149, do not affect Symantec Encryption Management Server. However, updated the JDK packages for greater security. [4210605][4221927]
  • The security vulnerability, CVE-2018-5740, does not affect Symantec Encryption Management Server. However, updated the BIND packages for greater security.[4204124]
  • When dictionary items containing non-breaking spaces are imported into a dictionary, the non-breaking spaces are now removed automatically. [4211213]
• Keys and certificates
  • Administrators can now successfully create a self-signed external user root certificate using Symantec Encryption Management Server. [4182293]
  • Symantec Encryption Management Server is updated to use SHA-256(SecureHashAlgorithm) by default for signing PGP keys. [4102374]
  • Symantec Encryption Management Server is updated so that PGP CommandLine users can now successfully edit an existing Managed Encryption Key (MEK) series. Also, users can update the –validity-duration and –end-of-life values ​​successfully.[4169781]
  • Symantec Encryption Management Server now sends the entire SSL certificate chain over the SMTP port. [4113406]
  • Administrators can now successfully export the following certificates from Symantec Encryption Management Server:[4204877][4214663]
    • Private organization certificate
    • Private certificate of an internal user
    • Private SSL certificates
• PGP Messaging
  • Symantec Encryption Management Server successfully verifies signature for clear-signed email messages with trailing tabs in the content that are sent using version 3.4.2 or earlier.[4191877]
  • Active Directory internal users with a User Principal Name (UPN) of over 64 characters can now successfully send email messages using Symantec Encryption Management Server. [4156308]
  • Reference to the PGP website is now removed from the page that appears when external users click a link in SmartTrailer messages.[4202584]