
EDR Server: Vulnerability Scanner reports medium strength encryption with 3DES cipher available on primary node's TLS 1.2


Environment

  • EDR (formerly CB Response) Server: 6.0.1 and Higher
  • Vulnerability Scanner

Symptoms

The Nessus scanner reports that a cipher of only medium strength (3DES) is available over TLS 1.2 on the primary node.

Cause

Security is stronger if weak and medium strength ciphers are not available.

Resolution

  1. Log on to the EDR primary node via SSH.
  2. Modify the "ssl_ciphers" line in /etc/cb/nginx/conf.d/includes/cb.server.body, or in /etc/cb/nginx/conf.d/includes/cb.server.base_body (6.3.0 and above), to contain the following (adding !3DES):
       ssl_ciphers FIPS@STRENGTH:!aNULL:!eNULL:!DES:!3DES;
  3. Restart nginx
    • For EDR Server 7.3 and lower
      • sudo service cb-nginx restart
    • For EDR Server 7.4 and higher in CentOS/RHEL 7 and 8 environments
      • sudo /usr/share/cb/cbservice cb-nginx restart
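
To confirm the edit from step 2 before restarting nginx, the following added example (not part of the original article or of the vendor's tooling) checks that every active ssl_ciphers directive in an include file carries !3DES. The function names and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): audit ssl_ciphers in an EDR nginx include.

# Print each active ssl_ciphers value: comments stripped, quotes removed,
# space/comma separators normalised to ':'.
ssl_cipher_values() {
    sed 's/#.*//' "$1" |
        sed -n 's/^[[:space:]]*ssl_ciphers[[:space:]]\{1,\}\([^;]*\);.*/\1/p' |
        tr -d "\"'" |
        sed 's/[[:space:],]\{1,\}/:/g'
}

# Exit status: 0 = every directive contains !3DES, 1 = at least one does not,
# 2 = no active ssl_ciphers directive in this file (check the other include).
check_3des_excluded() {
    values=$(ssl_cipher_values "$1")
    [ -n "$values" ] || return 2
    rc=0
    while IFS= read -r value; do
        case ":$value:" in
            *':!3DES:'*) ;;
            *) echo "$1: ssl_ciphers lacks !3DES: $value" >&2; rc=1 ;;
        esac
    done <<EOF
$values
EOF
    return "$rc"
}

# Constructed sample input: "before" lacks !3DES and has a stale commented-out
# directive that must be ignored; "after" carries the line from step 2.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '# ssl_ciphers OLD:!3DES;' \
        '    ssl_ciphers FIPS@STRENGTH:!aNULL:!eNULL:!DES;' > "$dir/before"
    printf '%s\n' '    ssl_ciphers FIPS@STRENGTH:!aNULL:!eNULL:!DES:!3DES;' > "$dir/after"
    for f in "$dir/before" "$dir/after"; do
        if check_3des_excluded "$f"; then echo "OK   $f"; else echo "FAIL $f"; fi
    done
    rm -rf "$dir"
}
demo
```

On the server, call check_3des_excluded with whichever of the two include files from step 2 applies to the installed version; a status of 1 means the directive still needs !3DES appended.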

Additional Notes

  • Sensors + Console UI traffic will remain functional throughout the procedure.
  • Some vulnerability scanners may refer to this as "Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32)", or CVE-2016-2183

Creation Date: 12-28-2018