Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: What SSL cipher suites are supported/accepted for communications?

Carbon Black Cloud: What SSL cipher suites are supported/accepted for communications?

Environment

  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Sensor: All Versions
  • Apple macOS: All Supported Versions
  • Linux: All Supported Versions
  • Microsoft Windows: All Supported Versions

Question

Which SSL cipher suites are accepted or supported for Sensor to Cloud communications?

Answer

Cipher Suites     Strong / Weak          TLS 1.2          TLS 1.1    
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256STRONGX 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256WEAKX 
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHAWEAKXX
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384STRONGX 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384WEAKX 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHAWEAKXX
TLS_RSA_WITH_AES_128_GCM_SHA256WEAKX 
TLS_RSA_WITH_AES_128_CBC_SHA256WEAKX 
TLS_RSA_WITH_AES_128_CBC_SHAWEAKXX
TLS_RSA_WITH_AES_256_GCM_SHA384WEAKX 
TLS_RSA_WITH_AES_256_CBC_SHA256STRONGX 
TLS_RSA_WITH_AES_256_CBC_SHAWEAKXX

Additional Notes

  • As of 26-Sep-2022, our signature update servers will no longer accept TLS v1.0 or v1.1 for secure connections
  • All connections to https://updates2.cdc.carbonblack.io need to use TLS 1.2 with the following Ciphers
  • NOTE: This means some older operating systems, like Windows 2012 and earlier, may need to be updated to get this capability

TLS 1.2 ONLY
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256

Related Content


Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
Creation Date:
‎08-06-2021
Views:
2670
Contributors