The following cryptographic protocols are required for proper communication with Carbon Black Cloud.
Supported SSL Cypher Suites
Environment:
- Carbon Black Cloud Console: All Versions
- Carbon Black Cloud Sensor: All Versions
- Apple macOS: All Supported Versions
- Linux: All Supported Versions
- Microsoft Windows: All Supported Versions
The following SSL cipher suites are supported by Carbon Black Cloud:
| Site | Cipher Suite | Strength | TLS 1.2 | TLS 1.3 |
|---|---|---|---|---|
| Environment-specific URLs | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | STRONG | X | |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | WEAK | X | ||
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | STRONG | X | ||
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | WEAK | X | ||
| TLS_RSA_WITH_AES_128_GCM_SHA256 | WEAK | X | ||
| TLS_RSA_WITH_AES_128_CBC_SHA256 | WEAK | X | ||
| TLS_RSA_WITH_AES_256_GCM_SHA384 | WEAK | X | ||
| TLS_RSA_WITH_AES_256_CBC_SHA256 | STRONG | X | ||
| content.carbonblack.io | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | STRONG | X | |
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | WEAK | X | ||
| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | STRONG | X | ||
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | WEAK | X | ||
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | WEAK | X | ||
| https://updates2.cdc.carbonblack.io | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | STRONG | X | |
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | STRONG | X | ||
| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | STRONG | X |
Important:
- As of 26-Sep-2022, our signature update servers no longer accept TLS v1.0 or v1.1 for secure connections.
- As a result, some older operating systems, like Windows 2012 and earlier, may need to be updated.
Advanced Encryption Standard (AES)
Carbon Black Cloud supports:
- AES 128
Hash Support
Carbon Black Cloud supports:
- SHA256
Key Exchange Algorithm
Carbon Black Cloud supports:
- Elliptic-curve Diffie–Hellman (ECDH)
