Carbon Black Cloud: Which version of SSL/TLS does the Sensor use? (Windows)
Article ID: 292516
Updated On:
Products
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
Do the Carbon Black Cloud Sensor and Carbon Black Cloud Console use Secure Sockets Layer (SSL) 3.0, Transport Layer Security (TLS) 1.0, TLS 1.1, TLS 1.2, or TLS 1.3 to secure or encrypt communication?
Environment
- Carbon Black Cloud Console: All Versions
- Carbon Black Cloud Sensor: All Versions
- Microsoft Windows: All Supported Versions
Resolution
On Windows, the Carbon Black Cloud Sensor makes use of schannel, and therefore uses the protocol configured in the Operating System (OS). As the Sensor communicates with the cloud, the Console negotiates the most secure connection possible given the available configurations on the endpoint and the backend.
Additional Information
- TLS 1.0 and 1.1 are no longer supported by the backend since July 5th 2022 per this announcement.
- Some older ciphers are still made available because of the wide range of systems customers utilize, some of which do not have the ability to use newer ciphers.
- The backend will use the secure mutually agreed on cipher, so by keeping the environment up to date old ciphers can be avoided.
- An AWS Application Load Balancer to serve the traffic. As such, the TLS protocols/ciphers available are limited to what AWS currently offers. The 2016-08 security policy can be referenced for the specific protocols/ciphers supported. The reasoning for using this policy is due to the wide array of requirements from the various versions of sensors and operating systems we support.
Feedback
Yes
No
Powered by
