Carbon Black Cloud: What SSL cipher suites are supported/accepted for communications?

Environment

  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Sensor: All Versions
  • Apple macOS: All Supported Versions
  • Linux: All Supported Versions
  • Microsoft Windows: All Supported Versions

Question

Which SSL cipher suites are accepted or supported for Sensor to Cloud communications?

Answer

Site                                  Cipher Suite                                  Strength  TLS 1.2
Environment-specific URLs             TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256         STRONG    x
                                      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256         WEAK      x
                                      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384         STRONG    x
                                      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384         WEAK      x
                                      TLS_RSA_WITH_AES_128_GCM_SHA256               WEAK
                                      TLS_RSA_WITH_AES_128_CBC_SHA256               WEAK      x
                                      TLS_RSA_WITH_AES_256_GCM_SHA384               WEAK      x
                                      TLS_RSA_WITH_AES_256_CBC_SHA256               STRONG    x

content.carbonblack.io                TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256         STRONG    x
                                      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384         WEAK      x
                                      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   STRONG    x
                                      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384         WEAK      x
                                      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256         WEAK      x

https://updates2.cdc.carbonblack.io   TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256         STRONG    x
                                      TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384         STRONG    x
                                      TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256   STRONG    x

Additional Notes

 
  • As of 26-Sep-2022, our signature update servers will no longer accept TLS v1.0 or v1.1 for secure connections
  • NOTE: This means some older operating systems, like Windows 2012 and earlier, may need to be updated to get this capability. Even after updating, the specified ciphers that include ECDHE may not work unless the full ECC curve is included, like "<CIPHER>_P512", in the supported ciphers list.
  • Prior to Windows 10, cipher suite strings were appended with the elliptic curve to determine the curve priority. Windows 10 supports an elliptic curve priority order setting so the elliptic curve suffix is not required and is overridden by the new elliptic curve priority order, when provided, to allow organizations to use group policy to configure different versions of Windows with the same cipher suites.
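Before tightening the cipher list on an endpoint or TLS-inspecting proxy, it helps to confirm that each Carbon Black Cloud site still shares at least one suite with it. The following is an added example, not Carbon Black code: the function names and the two sample client lists are constructed for illustration, and the strength labels are copied as the table above gives them.

```python
import re

# Suites accepted per site, with strength labels exactly as the table above lists them.
# The TLS 1.2 column of the table is not modelled here.
_E, _R = "TLS_ECDHE_RSA_WITH_", "TLS_RSA_WITH_"
ACCEPTED = {
    "Environment-specific URLs": {
        _E + "AES_128_GCM_SHA256": "STRONG", _E + "AES_128_CBC_SHA256": "WEAK",
        _E + "AES_256_GCM_SHA384": "STRONG", _E + "AES_256_CBC_SHA384": "WEAK",
        _R + "AES_128_GCM_SHA256": "WEAK", _R + "AES_128_CBC_SHA256": "WEAK",
        _R + "AES_256_GCM_SHA384": "WEAK", _R + "AES_256_CBC_SHA256": "STRONG",
    },
    "content.carbonblack.io": {
        _E + "AES_128_GCM_SHA256": "STRONG", _E + "AES_256_GCM_SHA384": "WEAK",
        _E + "CHACHA20_POLY1305_SHA256": "STRONG", _E + "AES_256_CBC_SHA384": "WEAK",
        _E + "AES_128_CBC_SHA256": "WEAK",
    },
    "updates2.cdc.carbonblack.io": {
        _E + "AES_128_GCM_SHA256": "STRONG", _E + "AES_256_GCM_SHA384": "STRONG",
        _E + "CHACHA20_POLY1305_SHA256": "STRONG",
    },
}
CURVE_SUFFIX = re.compile(r"_P\d{3}$")  # pre-Windows 10 style curve suffix, e.g. _P256

def normalize(suite):
    """Upper-case the name and drop a trailing elliptic curve suffix."""
    return CURVE_SUFFIX.sub("", suite.strip().upper())

def audit(client_suites):
    """Per site: shared suites and whether any shared suite is labelled STRONG."""
    offered = {normalize(s) for s in client_suites if s.strip()}
    report = {}
    for site, accepted in ACCEPTED.items():
        shared = sorted(accepted.keys() & offered)
        strong = [s for s in shared if accepted[s] == "STRONG"]
        status = "OK" if strong else ("WEAK_ONLY" if shared else "NO_OVERLAP")
        report[site] = {"status": status, "shared": shared, "strong": strong}
    return report

# Constructed sample client lists (not taken from any real system).
HARDENED_SAMPLE = ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384_P384",
                   "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256_P256"]
LEGACY_SAMPLE = ["TLS_RSA_WITH_AES_128_CBC_SHA256", "TLS_RSA_WITH_AES_128_GCM_SHA256"]

if __name__ == "__main__":
    for name, suites in (("hardened", HARDENED_SAMPLE), ("legacy", LEGACY_SAMPLE)):
        for site, result in audit(suites).items():
            print(f"{name:9} {site:28} {result['status']:10} {len(result['shared'])} shared")
```

A `NO_OVERLAP` result for any site means the sensor cannot complete a handshake with that site using the audited list; `WEAK_ONLY` means it can connect only with suites the table labels WEAK.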

Article Information
Creation Date: 08-06-2021