EDR: How to define the supported TLS versions
search cancel

EDR: How to define the supported TLS versions


Article ID: 285748


Updated On:


Carbon Black EDR (formerly Cb Response)


To limit or allow the exact versions of TLS that are supported by the EDR cluster.


  • EDR: 7.x and Higher


  1. Edit: /etc/cb/nginx/conf.d/includes/cb.server.base.body
  2. Edit the "ssl_protocols" line, located in the "server" section:
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  1. Add or remove the supported versions of TLS as necessary.
  2. Once the master server and all minions have been modified, restart the cluster. 

Additional Information

  • TLS 1.3 is currently not supported
  • Changes should be made on all cluster nodes (master + minions)
  • Server cluster, endpoint, and all networking devices between them support the specified protocols