Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: Requirements for Disabling TLS 1.0/1.1 and Enable TLS 1.2 on the App Control Server and Agents

App Control: Requirements for Disabling TLS 1.0/1.1 and Enable TLS 1.2 on the App Control Server and Agents

Environment

  • App Control Agent: All Supported Versions
  • App Control Server: All Supported Versions
  • Microsoft Windows: All Supported Versions

Objective

Requirements for modifying Protocols or Cipher Suites (such as TLS 1.0, RC4 Cipher Suites, etc) on the App Control Server and Agents.


Resolution

There are no settings for TLS/Cipher Suites available in App Control, and all configuration must be done at the Operating System layer. Additionally, no changes are made to the Protocols or Cipher Suites of the Operating System during installation of the Server or Agent applications.

Typically these modifications must be done via the Registry or GPO, but a tool (such as IIS Crypto) may make it easier for single machines or to verify the current settings. Assistance in editing the TLS & Cipher Suites in the Operating System may require support from Microsoft.
 

Warning:

  • Improper modification of TLS/SSL protocols could cause connectivity issues between the App Control Agent, App Control Server, SQL Server or other dependencies.
  • It is critical the Operating System is compatible with the TLS protocol that is being changed. For example, Windows XP and Windows Server 2003 do not support TLS 1.1 or TLS 1.2 and will require TLS 1.0 support.

Additional Notes

  • Forcing a specific version of TLS be used by the Agent/Server will require the changes be made to the Operating System on both the application server and the endpoints.
  • Assistance in editing the TLS & Cipher Suites in the Operating System may require support from Microsoft.
  • The Carbon Black File Reputation (CDC) requires a TLS 1.2 connection from the application server hosting the App Control Server.
  • Typically these changes require modification of the Windows Registry Keys or restrictions via GPO.
  • Some customers have reported success using a 3rd Party Tool (such as IIS Crypto) to either confirm or modify these settings.
  • Microsoft SQL Server may require an update or patch to support TLS 1.2.

Related Content


Labels (1)
Tags (2)
Was this article helpful? Yes No
100% helpful (2/2)
Article Information
Author:
Creation Date:
‎05-08-2018
Views:
6062
Contributors