The ePO Application Server service in ePO 5.10.x, only supports
Transport Layer Security (TLS)
1.2, and the following cipher suites:
- TLS_RSA_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA256
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA
IMPORTANT: At least one of the above cipher suites must be enabled in the Secure Channel (Schannel) settings. The cipher suite must be enabled on systems that need to communicate with the application server service.
The reason is because the ePO Server service needs to communicate in this way. Which includes the ePO server itself, and any additional Agent Handlers. Ideally, all four cipher suites are enabled.
To enable the cipher suites on the ePO server:
- Enable the cipher suites on the ePO server, either manually or by using a tool such as IISCrypto: https://www.nartac.com/Products/IISCrypto
- Reboot the server. This action is required to enable the cipher suites.
The following articles cover issues that can occur if the required suites are disabled:
- KB91270 - The local Agent Handler service is not running (displayed on the ePolicy Orchestrator logon page after installing ePolicy 5.10.x)
- KB91298 - Failed to send HTTP request. Error=12175 (All data channel requests fail after upgrading to ePolicy Orchestrator 5.10.x)
