EDR Server: Vulnerability Scanner reports medium strength encryption with 3DES cipher available on primary node's TLS 1.2

Article ID: 288204

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Nessus scanner detects only a medium strength cipher available on the TLS 1.2 protocol. 

Environment

  • EDR (formerly CB Response) Server: 6.0.1 and Higher
  • Vulnerability Scanner

Cause

Security is stronger if weak and medium strength ciphers are not available.

Resolution

  1. Log onto the EDR primary node via SSH
  2. Modify the "ssl_ciphers" line in /etc/cb/nginx/conf.d/includes/cb.server.body, or in /etc/cb/nginx/conf.d/includes/cb.server.base_body (6.3.0 and above), so that it contains the following (adding !3DES):
       ssl_ciphers FIPS@STRENGTH:!aNULL:!eNULL:!DES:!3DES;
  3. Restart nginx
    • For EDR Server 7.3 and lower 
      • sudo service cb-nginx restart
    • For EDR Server 7.4 and higher in CentOS/RHEL 7 and 8 environments
      • sudo /usr/share/cb/cbservice cb-nginx restart
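
A check that can be run on the primary node after editing the file and before restarting nginx, to confirm that every active ssl_ciphers directive in the include file carries the !3DES token. This is an added example, not part of the original article or the product; the function name check_3des_excluded, its exit codes and the constructed "before" line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): audit an nginx include file for
# ssl_ciphers directives that do not exclude 3DES.
#
# check_3des_excluded FILE   (hypothetical helper name)
#   returns 0  every active ssl_ciphers directive contains the !3DES token
#   returns 1  at least one active directive lacks it (offending line printed)
#   returns 2  file unreadable, or no active ssl_ciphers directive found
check_3des_excluded() {
    file=$1
    [ -r "$file" ] || return 2
    awk '
        { sub(/#.*/, "") }                 # ignore comments, including commented-out directives
        $1 == "ssl_ciphers" {
            found = 1
            list = $2
            sub(/;.*/, "", list)           # drop the terminating semicolon
            gsub(/"/, "", list)            # drop optional double quotes
            n = split(list, tok, ":")      # compare whole tokens, so !DES does not count as !3DES
            ok = 0
            for (i = 1; i <= n; i++) if (tok[i] == "!3DES") ok = 1
            if (!ok) {
                bad = 1
                printf "%s:%d: 3DES not excluded: %s\n", FILENAME, NR, list
            }
        }
        END {
            if (!found) exit 2
            exit (bad ? 1 : 0)
        }
    ' "$file"
}

# Constructed sample input: the directive without !3DES (assumed "before"
# state), then the line given in the Resolution steps.
demo=$(mktemp)
printf '%s\n' 'ssl_ciphers FIPS@STRENGTH:!aNULL:!eNULL:!DES;' > "$demo"
check_3des_excluded "$demo" || echo "before edit: exit code $?"
printf '%s\n' 'ssl_ciphers FIPS@STRENGTH:!aNULL:!eNULL:!DES:!3DES;' > "$demo"
check_3des_excluded "$demo" && echo "after edit: 3DES excluded"
rm -f "$demo"
```

On the server, pass the include file that applies to the installed version, for example: check_3des_excluded /etc/cb/nginx/conf.d/includes/cb.server.body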

Additional Information

  • Sensors + Console UI traffic will remain functional throughout the procedure.
  • Some vulnerability scanners may refer to this as "Birthday attacks against TLS ciphers with 64bit block size vulnerability (Sweet32)", or CVE-2016-2183