Environment
- Carbon Black Cloud Console: All supported versions
- Carbon Black Cloud Sensor: All supported versions
- Microsoft Windows: All supported versions
Symptoms
cURL is returning the following error:
curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_INVALID_TOKEN (0x80090308) - The token supplied to the function is invalid
Cause
Not all the Digital Signature Algorithm (DSA) required to talk with to our backend are present.
Resolution
For TLS 1.3, we need at least one RSAE DSA:
RSAE-PSS/SHA256
RSAE-PSS/SHA384
RSAE-PSS/SHA512
For TLS 1.2, we need at least one RSA or RSAE DSA:
RSAE-PSS/SHA256
RSAE-PSS/SHA384
RSAE-PSS/SHA512
RSA/SHA256
RSA/SHA384
RSA/SHA1
RSA/SHA512
Consider comparing this registry on a working sensor with one that is not:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010003\Functions
WARNING: Backup the registry before making any changes
Additional Notes
If you change the registry mentioned here, a reboot will be needed in order for it to take effect.
Related Content