Capture Client : TLS 1.0 and 1.1 Deprecation Update
Description
Capture Client : TLS 1.0 and 1.1 Deprecation Update
Resolution
On April 30,2023, SonicWall Capture Client and SentinelOne will no longer support Transport Layer Security (TLS) 1.0 or 1.1 for Windows Agent to Management Console communication.
After this change, the Management Console will not connect with or upgrade affected Agents. To uninstall or upgrade those Agents, you must access the endpoint with other tools and run our latest Agent installer on the endpoint.
Note: This change does not impact Endpoints running the Windows Legacy Agent.
Until now, we continue to support TLS versions 1.0 and 1.1 to keep backward compatibility for Agents on Endpoints that run old operating systems or are difficult to update. At this time, we see very low numbers of such Endpoints used by our customers. Also, many customers ask that we deprecate these protocols to simplify their regulatory compliance processes.
To prevent any security impact, we recommend you install the relevant software updates to enable TLS versions 1.2 and 1.3.
See this Microsoft article, for instructions on how to update your Windows OS to TLS 1.2.
Supported TLS Version
| TLS1.2 |
| TLS1.3 |
Supported Cipher Suites
OpenSSL Name | Cipher SUite Name (IANA) |
| ECDHE_RSA_AES128_GCM_SHA256 | TLS_ECDHE_RSA_AES128_GCM_SHA256 |
| ECDHE_ECDSA_AES128_GCM_SHA256 | TLS_ECDHE_ECDSA_AES128_GCM_SHA256 |
| ECDHE_RSA_AES256_GCM_SHA384 | TLS_ECDHE_RSA_AES256_GCM_SHA384 |
| ECDHE_ECDSA_AES256_GCM_SHA384 | TLS_ECDHE_ECDSA_AES256_GCM_SHA384 |
| DHE_RSA_AES128_GCM_SHA256 | TLS_DHE_RSA_AES128_GCM_SHA256 |
| DHE_DSS_AES128_GCM_SHA256 | TLS_DHE_DSS_AES128_GCM_SHA256 |
| kEDH+AESGCM | |
| ECDHE_ECDSA_AES128_SHA256 | TLS_ECDHE_ECDSA_AES128_SHA256 |
| ECDHE_ECDSA_AES128_SHA | TLS_ECDHE_ECDSA_AES128_SHA |
| ECDHE_ECDSA_AES256_SHA384 | TLS_ECDHE_ECDSA_AES256_SHA384 |
| ECDHE_ECDSA_AES256_SHA | TLS_ECDHE_ECDSA_AES256_SHA |
| DHE_RSA_AES128_SHA256 | TLS_DHE_RSA_AES128_SHA256 |
| DHE_RSA_AES128_SHA | TLS_DHE_RSA_AES128_SHA |
| DHE_DSS_AES128_SHA256 | TLS_DHE_DSS_AES128_SHA256 |
| DHE_RSA_AES256_SHA256 | TLS_DHE_RSA_AES256_SHA256 |
| DHE_DSS_AES256_SHA | TLS_DHE_DSS_AES256_SHA |
| DHE_RSA_AES256_SHA | TLS_DHE_RSA_AES256_SHA |
Unsupported Cipher Suites
| ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
| ECDHE_RSA_WITH_AES_128_CBC_SHA |
| RSA_WITH_AES_256_GCM_SHA384 |
| RSA_WITH_AES_128_CBC_SHA256 |
| ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
| RSA_WITH_AES_256_CBC_SHA |
| RSA_WITH_AES_256_CBC_SHA256 |
| RSA_WITH_AES_128_GCM_SHA256 |
| ECDHE_RSA_WITH_AES_256_CBC_SHA |
| RSA_WITH_CAMELLIA_128_CBC_SHA |
| RSA_WITH_CAMELLIA_256_CBC_SHA |