Environment
- App Control Agent: All Supported Versions
- App Control Server: All Supported Versions
- Microsoft Windows: All Supported Versions
Objective
Requirements for modifying Protocols or Cipher Suites (such as TLS 1.0, RC4 Cipher Suites, etc.) on the App Control Server and Agents.
Resolution
There are no settings for TLS/Cipher Suites available in App Control, and all configuration must be done at the Operating System layer. Additionally, no changes are made to the Protocols or Cipher Suites of the Operating System during installation of the Server or Agent applications.
Typically these modifications must be done via the Registry or GPO, but a tool (such as IIS Crypto) may make it easier for single machines or to verify the current settings. Assistance in editing the TLS & Cipher Suites in the Operating System may require support from Microsoft.
Warning:
- Improper modification of TLS/SSL protocols could cause connectivity issues between the App Control Agent, App Control Server, SQL Server or other dependencies.
- It is critical the Operating System is compatible with the TLS protocol that is being changed. For example, Windows XP and Windows Server 2003 do not support TLS 1.1 or TLS 1.2 and will require TLS 1.0 support.
Additional Notes
- Forcing the Agent/Server to use a specific version of TLS requires the changes to be made to the Operating System on both the application server and the endpoints.
- Assistance in editing the TLS & Cipher Suites in the Operating System may require support from Microsoft.
- The Carbon Black File Reputation (CDC) requires a TLS 1.2 connection from the application server hosting the App Control Server.
- Typically these changes require modification of the Windows Registry Keys or restrictions via GPO.
- Some customers have reported success using a 3rd Party Tool (such as IIS Crypto) to either confirm or modify these settings.
- Microsoft SQL Server may require an update or patch to support TLS 1.2.
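One way to verify the current protocol settings before or after a change, as an added example that is not part of the original article or of App Control: a read-only PowerShell check of the SCHANNEL protocol keys in the Windows Registry. It assumes the standard SCHANNEL registry layout, treats a missing key as "operating system default applies", and covers protocols only, not cipher suites; the function name is hypothetical.

```powershell
# Added example: read-only audit of SCHANNEL protocol settings (makes no changes).
# Assumption: standard SCHANNEL registry layout. Covers protocols only, not cipher suites.
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2'
$roles     = 'Client', 'Server'

function Get-SchannelProtocolState {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Protocol,
        [Parameter(Mandatory)] [string] $Role
    )
    $path  = Join-Path (Join-Path $base $Protocol) $Role
    $state = [ordered]@{
        Computer          = $env:COMPUTERNAME
        Protocol          = $Protocol
        Role              = $Role
        Enabled           = $null
        DisabledByDefault = $null
        Effective         = 'Not configured (OS default applies)'
    }
    # A key that is absent, or present with no values, leaves the OS default in force.
    $props = if (Test-Path -LiteralPath $path) { Get-ItemProperty -LiteralPath $path }
    if ($null -ne $props) {
        foreach ($name in 'Enabled', 'DisabledByDefault') {
            $p = $props.PSObject.Properties[$name]
            if ($null -ne $p) { $state[$name] = $p.Value }
        }
    }
    # Enabled = 0 turns the protocol off; any non-zero DWORD turns it on.
    if ($null -ne $state.Enabled) {
        $state.Effective = if ($state.Enabled -eq 0) { 'Disabled' } else { 'Enabled' }
    }
    elseif ($state.DisabledByDefault -eq 1) {
        $state.Effective = 'Off unless an application requests it'
    }
    [pscustomobject]$state
}

# One row per protocol and role, so server and endpoint output can be compared.
$report = foreach ($protocol in $protocols) {
    foreach ($role in $roles) {
        Get-SchannelProtocolState -Protocol $protocol -Role $role
    }
}
$report | Format-Table -AutoSize
```

Run it on the application server and on a representative endpoint and compare the rows. On the application server, the TLS 1.2 Client row is the one that applies to the outbound File Reputation connection.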