App Control: Requirements for Disabling TLS 1.0/1.1 and Enable TLS 1.2 on the App Control Server and Agents
App Control Agent: All Supported Versions
App Control Server: All Supported Versions
Microsoft Windows: All Supported Versions
Requirements for disabling TLS 1.0 and/or TLS 1.1 and enabling TLS 1.2 on the App Control Server and Agents.
By default the App Control Server and Agents support all versions of TLS.
All handshakes are negotiated by the operating system (Schannel), and no changes are required to be made to the App Control Server or Agent.
To force a specific version of TLS be used by the Agent/Server, the changes will need to be made at the operating system layer on both the endpoints and the application server.
If changes are desired to force a specific version of TLS be used, those changes must be made to the operating system and a support case with Microsoft may be required.
Disabling older TLS/SSL protocols could cause connectivity issues between the App Control Agent, App Control Server, SQL Server, or Connectors.
It is critical the operating system is compatible with the TLS protocol that is being changed. For example, Windows XP and Windows Server 2003 do not support TLS 1.1 or TLS 1.2 and will require TLS 1.0 support.
The Carbon Black File Reputation (CDC) requires a TLS 1.2 connection from the application server hosting the App Control Console.
The protocol for TLS configurations are a Microsoft requirement, and App Control does not change or modify any TLS settings when installing the platform or an Agent on a machine.
TLS support is handled by the operating system by a series of registry keys.
SQL Server may require an update or patch to support TLS 1.2. Verify the version and build that supports TLS 1.2 by referring to Microsoft's documentation.