Supported Cipher Suites & Protocols

Article ID: 286450


Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Guidance on the supported Cipher Suites & Protocols for the App Control Agent and App Control Server software.

Environment

  • App Control Agent: All Supported Versions
  • App Control Server: All Supported Versions
  • Microsoft Windows: All Supported Versions
  • Linux: All Supported Versions
  • Apple macOS: All Supported Versions

Resolution

Protocols Supported:

The Agent and Server will rely on the operating system to negotiate a matching Protocol and Cipher Suite to use. If a matching Protocol and Cipher Suite is not available, the Agent and Server will be unable to establish communication and the Agent will show as Disconnected. Additionally, no changes are made to the Protocols or Cipher Suites of the operating system during installation of the Server or Agent applications.

| Protocol | Windows | macOS | Linux |
|---|---|---|---|
| SSL (1.0, 2.0, 3.0) | All Supported Versions (Agent/Server) | All Supported Versions | All Supported Versions |
| TLS (1.0, 1.1, 1.2) | All Supported Versions (Agent/Server) | All Supported Versions | All Supported Versions |
| TLS (1.3) | Agent: 8.9.4+; Server: 8.10.2+ | Agent: 8.9.2+ | Pending... (EPCB-19215) |

Making Modifications:

Warning:
  • Improper modification of TLS/SSL protocols could cause connectivity issues between:
    • App Control Agents
    • App Control Server
    • SQL Server or other dependencies.
  1. Modifications to the Protocols, Cipher Suites, or their order must be made at the Operating System layer.
    • This will force all applications to use only the enabled Protocols/Cipher Suites accordingly and in the order specified.
    • Changes to these must be implemented for all relevant endpoints and application servers.
  2. Endpoints must also support the desired changes, example:
  3. Assistance in editing the TLS & Cipher Suites in the operating system is outside the scope of Carbon Black Support.

Additional Information

  • The Carbon Black File Reputation (CDC) requires a TLS 1.2 connection from the application server hosting the App Control Server.
  • These changes require modification of the operating system:
    • Any required patch to support the desired Protocol or Cipher Suite must first be applied to the OS.
    • Afterwards the desired Protocol or Cipher must be enabled, which can be done through multiple options (GPO, MDM, PowerShell, etc.).
  • Some customers have reported success using a 3rd Party Tool (such as IIS Crypto) to either confirm or modify these settings.
  • Microsoft SQL Server may also require an update or patch to support TLS 1.2.
  • More information from Microsoft for Protocols in TLS/SSL for Windows
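
Because the Agent and Server use whatever the operating system negotiates, it helps to confirm the Windows settings on both ends before and after any change. The following read-only PowerShell audit is an added example, not Carbon Black or Microsoft code; it assumes a Windows host where protocol overrides live under the standard Schannel registry key, and the function name `Get-SchannelState` is hypothetical.

```powershell
# Read-only audit of Windows Schannel protocol overrides and cipher suite order.
# Added example: nothing is modified. Run it on the App Control Server host and
# on a sample endpoint, then compare the two outputs for a common protocol/suite.
$base      = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
$protocols = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2', 'TLS 1.3'
$roles     = 'Client', 'Server'   # Client = outbound connections, Server = inbound

function Get-SchannelState {      # hypothetical helper name
    param([string]$Protocol, [string]$Role)
    $key   = Join-Path (Join-Path $base $Protocol) $Role
    $state = 'OS default (no override)'
    $enabled = $null
    $disabledByDefault = $null
    if (Test-Path -LiteralPath $key) {
        $props = Get-ItemProperty -LiteralPath $key
        $enabled = $props.Enabled
        $disabledByDefault = $props.DisabledByDefault
        if ($null -ne $enabled -and $enabled -eq 0) {
            $state = 'Disabled'
        } elseif ($null -ne $disabledByDefault -and $disabledByDefault -ne 0) {
            $state = 'Disabled by default'
        } elseif ($null -ne $enabled) {
            $state = 'Enabled'
        }
    }
    [pscustomobject]@{
        Protocol          = $Protocol
        Role              = $Role
        State             = $state
        Enabled           = $enabled
        DisabledByDefault = $disabledByDefault
    }
}

$report = foreach ($p in $protocols) {
    foreach ($r in $roles) { Get-SchannelState -Protocol $p -Role $r }
}
$report | Format-Table -AutoSize

# Cipher suites in the order the OS will offer them (cmdlet is present on
# Windows 10 / Windows Server 2016 and later).
if (Get-Command Get-TlsCipherSuite -ErrorAction SilentlyContinue) {
    Get-TlsCipherSuite | Select-Object -ExpandProperty Name
} else {
    Write-Warning 'Get-TlsCipherSuite is not available on this OS version.'
}
```

A row reported as "OS default (no override)" means no registry override exists, so the effective state depends on the Windows version and patch level.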