Supported Cipher Suites & Protocols
search cancel

Supported Cipher Suites & Protocols


Article ID: 286450


Updated On:


Carbon Black App Control (formerly Cb Protection)


Guidance on the supported Cipher Suites & Protocols for the App Control Agent and App Control Server software.


  • App Control Agent: All Supported Versions
  • App Control Server: All Supported Versions
  • Microsoft Windows: All Supported Versions
  • Linux: All Supported Versions
  • Apple macOS: All Supported Versions


The Agent and Server will rely on the operating system to negotiate a matching Protocol and Cipher Suite to use. If a matching Protocol and Cipher Suite is not available, the Agent and Server will be unable to establish communication and the Agent will show as Disconnected. Additionally, no changes are made to the Protocols or Cipher Suites of the operating system during installation of the Server or Agent applications.





SSL (1.0, 2.0, 3.0) All Supported Versions (Agent/Server) All Supported Versions All Supported Versions
TLS (1.0, 1.1, 1.2) All Supported Versions (Agent/Server) All Supported Versions All Supported Versions
TLS (1.3) Agent: 8.9.4+
Server: 8.10.2+
8.9.2+ Pending... (EP-19215)


Additional Information

  • Improper modification of TLS/SSL protocols could cause connectivity issues between the App Control Agent, App Control Server, SQL Server or other dependencies.
  • It is critical the operating system on the endpoint and the application server is compatible with the desired TLS protocol.
    Example: Windows XP and Windows Server 2003 do not support TLS 1.1 or TLS 1.2 and will require TLS 1.0 support on the OS of the App Control Server.
  • Forcing a specific version of TLS be used by the Agent/Server will require the changes to the operating system on both the application server and the endpoints.
  • Assistance in editing the TLS & Cipher Suites in the operating system may require support from the vendor (Microsoft, Apple, Red Hat).
  • The Carbon Black File Reputation (CDC) requires a TLS 1.2 connection from the application server hosting the App Control Server.
  • Typically these changes require modification of the Windows Registry Keys or restrictions via GPO.
  • Some customers have reported success using a 3rd Party Tool (such as IIS Crypto) to either confirm or modify these settings.
  • Microsoft SQL Server may require an update or patch to support TLS 1.2.