Environment
- EDR Sensor: All Supported Versions
- Operating System: All
Symptoms
- Sensor failed to register and does not appear in the UI
- Network capture shows Handshake Failure, denied by Server
- sensor.log from sensor diagnostics shows:
Tid[0574] 2019-08-20 07:08:10 (w): Failed to registerHTTPCode[2147954575] HrError[0x80072F8F]
Tid[0574] 2019-08-20 07:08:10 (i): failed to register HrError[0x80072F8F]
Tid[0574] 2019-08-20 07:08:10 (w): Unable to properly synch with server HrError[0x80072F8F]
Cause
Unsupported Cipher Suites are being used on client endpoint.
Resolution
You need at least one Cipher suite to match in order to complete the TLS handshake. If they do not, you have two options
For Hosted EDR, you need one of the following Ciphers
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_RSA_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
Related Content