As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
SSL: Unsupported or Unknown Cipher (seen in Attack Log)
Technical Articles ID:
KB73553
Last Modified: 2024-01-19 08:15:16 Etc/GMT
Environment
Trellix Intrusion Prevention System (Trellix IPS)
Problem
When you import the web server certificate into the Manager and Sensor, the following alert appears in the Attack Log:
SSL: Unsupported or Unknown Cipher
Cause
This issue occurs when a cipher, unsupported by the Sensor, is negotiated between the web server and client. The Sensor can't detect attacks in this SSL connection and raises this alert.
Solution
Configure the web server to use only cipher suites that Trellix IPS supports. You can find a list of supported and unsupported cipher suites in the "Supported web servers and cipher suites for inbound SSL inspection" section of the IPS Configuration Guide for your release.