Knowledge Base

Yes

Environment

Which SSL cipher suites are accepted or supported for Sensor to Cloud communications?

Site	Cipher Suite	Strength	TLS 1.2
Environment-specific URLs	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256	STRONG	x
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256	WEAK	x
	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384	STRONG	x
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384	WEAK	x
	TLS_RSA_WITH_AES_128_GCM_SHA256	WEAK	x
	TLS_RSA_WITH_AES_128_CBC_SHA256	WEAK	x
	TLS_RSA_WITH_AES_256_GCM_SHA384	WEAK	x
	TLS_RSA_WITH_AES_256_CBC_SHA256	STRONG	x
content.carbonblack.io	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256	STRONG	x
	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384	WEAK	x
	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256	STRONG	x
	TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384	WEAK	x
	TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256	WEAK	x

https://updates2.cdc.carbonblack.io	TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256	STRONG	x
	TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384	STRONG	x
	TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256	STRONG	x

As of 26-Sep-2022, our signature update servers will no longer accept TLS v1.0 or v1.1 for secure connections
NOTE: This means some older operating systems, like Windows 2012 and earlier, may need to be updated to get this capability, even after updating specified ciphers which include ECDHE may not work unless they have the full ECCCurve included like "<CIPHER>_P512" in the supported ciphers list.
Prior to Windows 10, cipher suite strings were appended with the elliptic curve to determine the curve priority. Windows 10 supports an elliptic curve priority order setting so the elliptic curve suffix is not required and is overridden by the new elliptic curve priority order, when provided, to allow organizations to use group policy to configure different versions of Windows with the same cipher suites.