To fix vulnerabilities on your organization's corporate network, you can enable traffic encryption using SSL/TLS. You can enable SSL/TLS on Administration Server and iOS MDM Server. Kaspersky Security Center supports SSL v3 as well as Transport Layer Security (TLS v1.0, 1.1, and 1.2). You can select encryption protocol and cipher suites. Kaspersky Security Center uses a self-signed certificates. Additional configuration of the iOS devices is not required. You can also use your own certificates. Kaspersky specialists recommend to use certificates issued by trusted certificate authorities.
Administration Server
To configure allowed encryption protocols and cipher suites on the Administration Server:
klscflag -fset -pv ".core/.independent" -s Transport -n SrvUseStrictSslSettings -v <value> -t d
Specify the <value> parameter of the command:
0
—All of the supported encryption protocols and cipher suites are enabled1
—SSL v2 is disabledCipher suites:
2
—SSL v2 and SSL v3 are disabled (default value)Cipher suites:
3
—only TLS v1.2. Cipher suites:
iOS MDM Server
The connection between the iOS devices and the iOS MDM Server is encrypted default.
To configure allowed encryption protocols and cipher suites on the iOS MDM Server:
HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab\Components\34\Connectors\KLIOSMDM\1.0.0.0\Conset
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\KasperskyLab\Components\34\Connectors\KLIOSMDM\1.0.0.0\Conset
StrictSslSettings
name.DWORD
as the key type.2
—SSL v3 is disabled (TLS 1.0, TLS 1.1, TLS 1.2 are allowed)3
—only TLS 1.2 (default value)