EDR: Nginx Fails to Start with nginx: [emerg] "ssl_ciphers" directive is duplicate in /etc/cb/nginx/conf.d/includes/cb.server.base_body:7
Article ID: 287983
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Nginx is failing to start after upgrading from a 6.x series to 7.x series server.
- /var/log/cb/nginx/startup.log shows
nginx: [emerg] "ssl_ciphers" directive is duplicate in /etc/cb/nginx/conf.d/includes/cb.server.base_body:7
Environment
- EDR Server: 7.x and above
Cause
A new configuration property for UseIncreasedSecurityCiphers was added to cb.conf. The duplicate is caused by a previously customized cipher list
Resolution
- Edit /etc/cb/nginx/conf.d/includes/cb.server.base_body
- Find the line ssl_ciphers and copy the current if you would like to continue using these ciphers
- Delete the ssl_ciphers line and save the file
- Edit /etc/cb/nginx/conf.d/templates/cipher_lists.conf.template
- Replace the following line with the previous ssl_ciphers copied, or keep the one already set (This is environmentally specific to your needs)
- Default increased cipher set is
ssl_ciphers FIPS@STRENGTH:!aNULL:!eNULL:!ECDHE-RSA-AES256-SHA384:!AES256-GCM-SHA384:!AES256-SHA256;
- Default increased cipher set is
- Save the file if changes were made
- Replace the following line with the previous ssl_ciphers copied, or keep the one already set (This is environmentally specific to your needs)
- Start cb-nginx
CentOS/RHEL 6: service cb-nginx start CentOS/RHEL 7/8: systemctl start cb-nginx
Feedback
Yes
No
Powered by
