Capture Client : TLS 1.0 and 1.1 Deprecation Update
04/19/2023 2 People found this article helpful 265,189 Views
Description
Capture Client : TLS 1.0 and 1.1 Deprecation Update
Resolution
On April 30,2023, SonicWall Capture Client and SentinelOne will no longer support Transport Layer Security (TLS) 1.0 or 1.1 for Windows Agent to Management Console communication.
After this change, the Management Console will not connect with or upgrade affected Agents. To uninstall or upgrade those Agents, you must access the endpoint with other tools and run our latest Agent installer on the endpoint.
Note: This change does not impact Endpoints running the Windows Legacy Agent.
Until now, we continue to support TLS versions 1.0 and 1.1 to keep backward compatibility for Agents on Endpoints that run old operating systems or are difficult to update. At this time, we see very low numbers of such Endpoints used by our customers. Also, many customers ask that we deprecate these protocols to simplify their regulatory compliance processes.
To prevent any security impact, we recommend you install the relevant software updates to enable TLS versions 1.2 and 1.3.
See this Microsoft article, for instructions on how to update your Windows OS to TLS 1.2.
Supported TLS Version
Supported Cipher Suites
OpenSSL Name | Cipher SUite Name (IANA) |
ECDHE_RSA_AES128_GCM_SHA256 | TLS_ECDHE_RSA_AES128_GCM_SHA256 |
ECDHE_ECDSA_AES128_GCM_SHA256 | TLS_ECDHE_ECDSA_AES128_GCM_SHA256 |
ECDHE_RSA_AES256_GCM_SHA384 | TLS_ECDHE_RSA_AES256_GCM_SHA384 |
ECDHE_ECDSA_AES256_GCM_SHA384 | TLS_ECDHE_ECDSA_AES256_GCM_SHA384 |
DHE_RSA_AES128_GCM_SHA256 | TLS_DHE_RSA_AES128_GCM_SHA256 |
DHE_DSS_AES128_GCM_SHA256 | TLS_DHE_DSS_AES128_GCM_SHA256 |
kEDH+AESGCM |
|
ECDHE_ECDSA_AES128_SHA256 | TLS_ECDHE_ECDSA_AES128_SHA256 |
ECDHE_ECDSA_AES128_SHA | TLS_ECDHE_ECDSA_AES128_SHA |
ECDHE_ECDSA_AES256_SHA384 | TLS_ECDHE_ECDSA_AES256_SHA384 |
ECDHE_ECDSA_AES256_SHA | TLS_ECDHE_ECDSA_AES256_SHA |
DHE_RSA_AES128_SHA256 | TLS_DHE_RSA_AES128_SHA256 |
DHE_RSA_AES128_SHA | TLS_DHE_RSA_AES128_SHA |
DHE_DSS_AES128_SHA256 | TLS_DHE_DSS_AES128_SHA256 |
DHE_RSA_AES256_SHA256 | TLS_DHE_RSA_AES256_SHA256 |
DHE_DSS_AES256_SHA | TLS_DHE_DSS_AES256_SHA |
DHE_RSA_AES256_SHA | TLS_DHE_RSA_AES256_SHA |
Unsupported Cipher Suites
ECDHE_RSA_WITH_AES_256_CBC_SHA384 |
ECDHE_RSA_WITH_AES_128_CBC_SHA |
RSA_WITH_AES_256_GCM_SHA384 |
RSA_WITH_AES_128_CBC_SHA256 |
ECDHE_RSA_WITH_AES_128_CBC_SHA256 |
RSA_WITH_AES_256_CBC_SHA |
RSA_WITH_AES_256_CBC_SHA256 |
RSA_WITH_AES_128_GCM_SHA256 |
ECDHE_RSA_WITH_AES_256_CBC_SHA |
RSA_WITH_CAMELLIA_128_CBC_SHA
|
RSA_WITH_CAMELLIA_256_CBC_SHA
|
Related Articles
Categories
Was This Article Helpful?
YESNO