Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: Which version of SSL/TLS does the Sensor use? (Windows)

Carbon Black Cloud: Which version of SSL/TLS does the Sensor use? (Windows)

Environment

  • Carbon Black Cloud Console: All Versions
  • Carbon Black Cloud Sensor: All Versions
  • Microsoft Windows: All Supported Versions

Question

Do the Carbon Black Cloud Sensor and Carbon Black Cloud Console use Secure Sockets Layer (SSL) 3.0, Transport Layer Security (TLS) 1.0, TLS 1.1, TLS 1.2, or TLS 1.3 to secure or encrypt communication?

Answer

On Windows, the Carbon Black Cloud Sensor makes use of schannel, and therefore uses the protocol configured in the Operating System (OS). As the Sensor communicates with the cloud, the Console negotiates the most secure connection possible given the available configurations on the endpoint and the backend.

Additional Notes

  • Older ciphers, pre-TLS 1.2 are still made available because of the  wide range of systems customers utilize, some of which do not have the ability to use newer ciphers.
  • The backend will use the secure mutually agreed on cipher, so by keeping the environment up to date old ciphers can be avoided
  • An AWS Application Load Balancer to serve the traffic. As such, the TLS protocols/ciphers available are limited to what AWS currently offers. The 2016-08 security policy can be referenced for the specific protocols/ciphers supported. The reasoning for using this policy is due to the wide array of requirements from the various versions of sensors and operating systems we support.
     

Related Content


Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
Creation Date:
‎08-27-2020
Views:
2103
Contributors