Supported Cipher Suites & Protocols
Article ID: 286450
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
Guidance on the supported Cipher Suites & Protocols for the App Control Agent and App Control Server software.
Environment
- App Control Agent: All Supported Versions
- App Control Server: All Supported Versions
- Microsoft Windows: All Supported Versions
- Linux: All Supported Versions
- Apple macOS: All Supported Versions
Resolution
The Agent and Server will rely on the operating system to negotiate a matching Protocol and Cipher Suite to use. If a matching Protocol and Cipher Suite is not available, the Agent and Server will be unable to establish communication and the Agent will show as Disconnected. Additionally, no changes are made to the Protocols or Cipher Suites of the operating system during installation of the Server or Agent applications.
Protocol |
Windows |
macOS |
Linux |
| SSL (1.0, 2.0, 3.0) | All Supported Versions (Agent/Server) | All Supported Versions | All Supported Versions |
| TLS (1.0, 1.1, 1.2) | All Supported Versions (Agent/Server) | All Supported Versions | All Supported Versions |
| TLS (1.3) | Agent: 8.9.4+ Server: 8.10.2+ |
8.9.2+ | Pending... (EP-19215) |
Additional Information
Warning:
|
- Forcing a specific version of TLS be used by the Agent/Server will require the changes to the operating system on both the application server and the endpoints.
- Assistance in editing the TLS & Cipher Suites in the operating system may require support from the vendor (Microsoft, Apple, Red Hat).
- The Carbon Black File Reputation (CDC) requires a TLS 1.2 connection from the application server hosting the App Control Server.
- Typically these changes require modification of the Windows Registry Keys or restrictions via GPO.
- Some customers have reported success using a 3rd Party Tool (such as IIS Crypto) to either confirm or modify these settings.
- Microsoft SQL Server may require an update or patch to support TLS 1.2.
Feedback
Yes
No
Powered by
