EDR: Windows Sensor won't connect due to TLS error
search cancel

EDR: Windows Sensor won't connect due to TLS error


Article ID: 285954


Updated On:


Carbon Black EDR (formerly Cb Response)


  • EDR Windows Sensors fail to connect to the server
  • Error in endpoint Sensor.log: 
    • (e): WinHTTP indicated a TLS/SSL error, WinXP and Server2008 sensors require the Cb Response server enable TLS1.0 for secure communication.



  • EDR Server: 6.2.4 and higher
  • EDR Windows Sensor: 6.x and Higher
  • Microsoft Windows XP, Vista, Server 2008, Windows 2012


EDR Windows Sensor does not support TLS 1.0 communication by default because it's susceptible to man in the middle attacks with vulnerabilities such as BEAST, POODLE, DROWN, etc.


There are two options:
  1. Upgrade the endpoint's OS to support a more recent cryptographic protocol (TLS 1.2) 
  2. Configure Nginx on EDR server to allow the older protocols
    1. Run the following command to enable the feature
      sed -i -e 's/TLSv1.2;/TLSv1.2\ TLSv1;/' /etc/cb/nginx/conf.d/includes/cb.server.base_body
    2. Restart the Nginx service
      CentOS6: sudo service cb-nginx restart
      CentOS7: sudo systemctl restart cb-nginx

Additional Information

Research the vulnerabilities before configuring Nginx to allow the older protocols