The following cryptographic protocols are required for proper communication with Carbon Black Cloud.
Supported SSL Cypher Suites
Environment:
- Carbon Black Cloud Console: All Versions
- Carbon Black Cloud Sensor: All Versions
- Apple macOS: All Supported Versions
- Linux: All Supported Versions
- Microsoft Windows: All Supported Versions
The following SSL cipher suites are supported by Carbon Black Cloudd:
| Site | Cipher Suite | Strength | TLS 1.2 | TLS 1.3 |
|---|---|---|---|---|
| Environment-specific URLs | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | STRONG | X | |
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | WEAK | X | ||
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | STRONG | X | ||
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | WEAK | X | ||
| TLS_RSA_WITH_AES_128_GCM_SHA256 | WEAK | X | ||
| TLS_RSA_WITH_AES_128_CBC_SHA256 | WEAK | X | ||
| TLS_RSA_WITH_AES_256_GCM_SHA384 | WEAK | X | ||
| TLS_RSA_WITH_AES_256_CBC_SHA256 | STRONG | X | ||
| content.carbonblack.io | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | STRONG | X | |
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | WEAK | X | ||
| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 | STRONG | X | ||
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | WEAK | X | ||
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | WEAK | X | ||
| https://updates2.cdc.carbonblack.io | TLS_AES_256_GCM_SHA384 | STRONG | X | |
| TLS_CHACHA20_POLY1305_SHA256 | STRONG | X | ||
| TLS_AES_128_GCM_SHA256 | STRONG | X | ||
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | STRONG | X | ||
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | STRONG | X | ||
| TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 | STRONG | X | ||
| TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 | STRONG | X | ||
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | WEAK | X | ||
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA | WEAK | X | ||
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | WEAK | X | ||
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA | WEAK | X | ||
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 | WEAK | X | ||
| TLS_DHE_RSA_WITH_AES_128_CBC_SHA | WEAK | X | ||
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 | WEAK | X | ||
| TLS_DHE_RSA_WITH_AES_256_CBC_SHA | WEAK | X | ||
| TLS_RSA_WITH_AES_128_GCM_SHA256 | WEAK | X | ||
| TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA | WEAK | X | ||
| TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA | WEAK | X | ||
| TLS_RSA_WITH_AES_256_CBC_SHA | WEAK | X | ||
| TLS_RSA_WITH_CAMELLIA_256_CBC_SHA | WEAK | X | ||
| TLS_RSA_WITH_AES_128_CBC_SHA | WEAK | X | ||
| TLS_RSA_WITH_CAMELLIA_128_CBC_SHA | WEAK | X | ||
| TLS_DHE_RSA_WITH_SEED_CBC_SHA | WEAK | X | ||
| TLS_RSA_WITH_SEED_CBC_SHA | WEAK | X |
Important:
- As of 26 September 2022, Carbon Black Cloud signature update servers no longer accept TLS v1.0 or v1.1 for secure connections. As a result, some older operating systems, such as Windows 2012 and earlier, might need to be updated.
Advanced Encryption Standard (AES)
Carbon Black Cloud supports:
- AES 128
Hash Support
Carbon Black Cloud supports:
- SHA256
Key Exchange Algorithm
Carbon Black Cloud supports:
- Elliptic-curve Diffie–Hellman (ECDH)
