From https://kb.mcafee.com/agent/index?page=content&id=KB83165

 

Environment

 

McAfee Email Gateway (MEG) 7.x

 

 

Summary

By default, McAfee Email Gateway (MEG) allows negotiation of secure connections via SSLv3. Perform the steps in this article to disable SSLv3 connections.

 

 

Solution

NOTE: This solution requires either MEG 7.5.3 + HF971179 (3016.109) or later or 7.6.2H1008011 (3044.109) or later installed.

 

IMPORTANT:

  • If you are using ePO to manage your appliance, you must follow the process documented in KB82606 to avoid ePO overwriting your configuration changes.
  • For details about saving, editing, and restoring the appliance configuration file, follow the instructions in KB56323.

 


To disable SSLv3 for MEG:
  1. Export the Appliance configuration file and extract machine.xml:
    1. Create a new folder and assign a descriptive name.
    2. Log on to the Appliance Management Console and select System, System Administration, Configuration Management.
    3. Click Backup Config, then click the link to save the configuration. Save the configuration to the new folder.

      NOTE
      : The numbers in the name of the configuration file change with new versions and updates.
    4. Save a copy of the configuration .zip file to a backup location.
    5. Right-click the configuration file and select Open with WinZip.
    6. Locate and extract machine.xml file to your new folder.
      NOTE:
      Ensure that you do not extract the full zip file, only the XML file to be edited. Extracting the full configuration can cause corruption in the MEG appliance configuration. 
  2. Edit the machine.xml configuration file:
    1. Right-click machine.xml and select Open with Wordpad.
    2. Search for ForbiddenProtocols. The entry will be in the following text section:

      <List name="ForbiddenProtocols" type="nstr">
      <Attr name="0" value="SSLv2"/>
      </List>
    3. Change the entry above to read as follows:

      <List name="ForbiddenProtocols" type="nstr">
      <Attr name="0" value="SSLv2"/>
      <Attr name="1" value="SSLv3"/>
      </List>
    4. Click Save.
    5. Update the MEG appliance configuration zip file with the edited machine.xml
  3. Restore the Configuration File to the Appliance:
    1. Log on to the Appliance Management Console and select System, System Administration, Configuration Management, Backup and Restore Configuration.
    2. Click Restore from File, locate the updated configuration zip file and click OK.
    3. Select the Values to Restore and click OK.
    4. Click Close.
    5. Click Apply Changes.
    6. Type a comment and click OK.