Environment
- Carbon Black Cloud Console: All Versions
- Carbon Black Cloud Sensor: All Versions
- Apple macOS: All Supported Versions
- Linux: All Supported Versions
- Microsoft Windows: All Supported Versions
Question
Which SSL cipher suites are accepted or supported for Sensor to Cloud communications?
Answer
Cipher Suites | Strong / Weak | TLS 1.2 | TLS 1.1 |
---|
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | STRONG | X | |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | WEAK | X | |
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | WEAK | X | X |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | STRONG | X | |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | WEAK | X | |
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | WEAK | X | X |
TLS_RSA_WITH_AES_128_GCM_SHA256 | WEAK | X | |
TLS_RSA_WITH_AES_128_CBC_SHA256 | WEAK | X | |
TLS_RSA_WITH_AES_128_CBC_SHA | WEAK | X | X |
TLS_RSA_WITH_AES_256_GCM_SHA384 | WEAK | X | |
TLS_RSA_WITH_AES_256_CBC_SHA256 | STRONG | X | |
TLS_RSA_WITH_AES_256_CBC_SHA | WEAK | X | X |
Additional Notes
- As of 26-Sep-2022, our signature update servers will no longer accept TLS v1.0 or v1.1 for secure connections
- All connections to https://updates2.cdc.carbonblack.io need to use TLS 1.2 with the following Ciphers
- NOTE: This means some older operating systems, like Windows 2012 and earlier, may need to be updated to get this capability
TLS 1.2 ONLYTLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
Related Content