logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

CB Response: Windows Sensor won't connect due to TLS error

CB Response: Windows Sensor won't connect due to TLS error

Environment

  • CB Response Server: 6.2.4 and higher
  • CB Response Windows Sensor: 6.x and Higher
  • Microsoft Windows XP, Vista, Server 2008

Symptoms

  • CB Response Windows Sensors fail to connect to the cluster
  • Error in endpoint Sensor.log:  
    • (e): WinHTTP indicated a TLS/SSL error, WinXP and Server2008 sensors require the Cb Response server enable TLS1.0 for secure communication.

       

Cause

CB Response does not support TLS 1.0 communication by default because it's susceptible to man in the middle attacks with vulnerabilities such as BEAST, POODLE, DROWN, etc.

Resolution

There are two options:
  1. Upgrade the endpoint's OS to support a more recent cryptographic protocol (TLS 1.2) 
  2. Configure Nginx on EDR server to allow the older protocols
    1. Run the following command to enable the feature 
      sed -i -e 's/TLSv1.2;/TLSv1.2\ TLSv1;/' /etc/cb/nginx/conf.d/includes/cb.server.base_body
    2. Restart the Nginx service 
      CentOS6: sudo service cb-nginx restart
CentOS7: sudo systemctl restart cb-nginx

Additional Notes

Research the vulnerabilities before configuring Nginx to allow the older protocols 

 

Related Content


Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎01-09-2019
Views:
1738
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.