In the Agent's Agent.log file (/Users/<username>/Library/Logs/FileTrek/Agent.log), the following error is seen:
Curl request failed. Curl error msg/code is: SSL connect error (35) url=<ENDPOINT_SERVER>
This is caused by the ssl_ciphers setting in the nginx configuration that ships with our default nginx.conf file.
To correct this issue:
- Log on to the Flow server
- Edit the '/etc/nginx/conf.d/flow.conf' file
- Look for the line 'ssl_ciphers ...'
- Change that line to:
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!aNULL:!eNULL:!EXPORT:!DSS:!DES:!MD5:!PSK:!RC4;
- Restart nginx (sudo service nginx restart)
Following this, the Sensor instances deployed to OS X should be able to properly authenticate when the user is logged in with an Active Directory account.
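To see what the replacement list permits, the following added example (not part of the original article or the product) reads an 'ssl_ciphers' directive and groups its suites by key exchange and cipher mode. The sample file and the function names are constructed for illustration, and the classification assumes explicit OpenSSL suite names like those in the list above.

```shell
#!/bin/sh
# Added example: classify the suites in an nginx ssl_ciphers directive.
# Assumes explicit OpenSSL suite names, as in the list on this page.

# Print the value of the first ssl_ciphers directive in a file, without ';'.
extract_ciphers() {
    sed -n 's/^[[:space:]]*ssl_ciphers[[:space:]][[:space:]]*\([^;]*\);.*$/\1/p' "$1" | head -n 1
}

# Map one cipher-list token to a class.
classify_suite() {
    case "$1" in
        '!'*)                  echo exclude ;;  # exclusion such as !aNULL
        *DES-CBC3*)            echo 3des ;;     # triple DES, 64-bit blocks
        ECDHE-*GCM*|DHE-*GCM*) echo aead-fs ;;  # ephemeral key exchange + AES-GCM
        ECDHE-*|DHE-*|EDH-*)   echo cbc-fs ;;   # ephemeral key exchange, CBC mode
        *)                     echo no-fs ;;    # static RSA key exchange
    esac
}

# Print "class=count" for every class present in a colon-separated list.
audit_ciphers() {
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r suite; do
        if [ -n "$suite" ]; then classify_suite "$suite"; fi
    done | sort | uniq -c | awk '{ print $2 "=" $1 }'
}

# Print the suite names in a list that fall into the given class.
suites_in_class() {
    printf '%s\n' "$1" | tr ':' '\n' | while IFS= read -r suite; do
        if [ -n "$suite" ] && [ "$(classify_suite "$suite")" = "$2" ]; then
            printf '%s\n' "$suite"
        fi
    done
}

# Constructed sample file holding the ssl_ciphers line from the steps above.
SAMPLE_CONF=$(mktemp)
trap 'rm -f "$SAMPLE_CONF"' EXIT
cat > "$SAMPLE_CONF" <<'EOF'
server {
    listen 443 ssl;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:DHE-RSA-AES256-SHA256:ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!aNULL:!eNULL:!EXPORT:!DSS:!DES:!MD5:!PSK:!RC4;
}
EOF

LIST=$(extract_ciphers "$SAMPLE_CONF")
audit_ciphers "$LIST"
echo "no forward secrecy:"; suites_in_class "$LIST" no-fs
echo "3DES:"; suites_in_class "$LIST" 3des
```

Running 'sudo nginx -t' before the restart confirms that the edited file still parses.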