App Control: Linux agents are not able to communicate with the App Control server
search cancel

App Control: Linux agents are not able to communicate with the App Control server

book

Article ID: 286888

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • After upgrading to 7.4.4 agents are not able  to communicate with the App Control server.
  • the following errors can be found in errors.bit9:
09:55:06 174660000 15367 - HttpTransport:EventLoop: Received Connect request Transaction[0] CurrentPriority[0] Server[Set]
09:55:06 174660000 15367 - HttpTransport:InitiateResolve: Connect Server[sdepaps425.svuent.supervalu.com] Port[40320]
09:55:06 174660000 15367 - HttpTransport:GetPendingRequest: No requests
09:55:06 174660000 15366 - HttpTransport:HandleResolve: Connect
09:55:06 174660000 15366 - HttpTransport:InitiateConnect: Connect
09:55:06 174660000 15366 - Persistence:Next: Stmt[SELECT value FROM Settings WHERE name=?] Results[1]
09:55:06 174660000 15366 - HttpTransport:filterProtocolOptions: HTTPS/SSL Windows protocol encodings 0x00000008, HTTPS/SSL optionsMask= 0x1E000000
09:55:06 174660000 15366 - HttpTransport:filterProtocolOptions: HTTPS/SSL specific protocols disabled: <SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, SSL_OP_NO_TLSv1_2, SSL_OP_NO_TLSv1_1>
09:55:06 174660000 15366 - HttpTransport:filterProtocolOptions: HTTPS/SSL SSL_CTX_get_options(): 0x01020004
09:55:06 174660000 15366 - HttpTransport:HandleConnect: Connect
09:55:06 174660000 15366 - HttpTransport:InitiateSslHandshake: Connect
09:55:06 174660000 15366 - HttpTransport:HandleSslHandshake: Connect
09:55:06 174660000 15366 - HttpTransport:HandleSslHandshake: Error[unsupported protocol]
09:55:06 174660000 15366 - HttpTransport:HandleCompletion: Connect Transaction[0] Error[5-SSLError]

Environment

  • App Control Agent: 7.4.4 and higher
  • Red Hat:6.10  kernel:2.6.32-754.29.1e16.x86_64 

Cause

Starting from App Control Linux agent 7.4.4 the configuration for ssl/tls (winhttp_secure_protocol_flags) only accepts hexadecimal values..

Resolution

  1. Go to the agent configuration page using the URL: https://yourserver/agent_config.php
  2. search for the value winhttp_secure_protocol_flags  and click on the edit icon, if the value is not found do click in  the "add agent config" button and replace the decimal number with their equivalent hex value:
Property name: Winhttp protocol flags
Host ID: 0
Value: winhttp_secure_protocol_flags=0xAA0
Status: Enabled
platform: linux
Click Save.
  1. go to  https://yourserver/support.php
  2. click on "advance configuration" tab
  3. in the right sided menu click on "regenerate install files"
  4. to validate the install  files regeneration process is done check the "date modified" column in to https://yourserver/hostpkg 
  5. download the agent installer and proceed with the installation

Additional Information

  • The winhttp_secure_protocol_flags=0xAA0 will allow the agent to use SSL 3.0, TLS 1.0,.1.1,1.2  ( equivalent to the decimal value 2720) 
Powered by Wolken Software