Error "No appropriate protocol" in RSA Access Manager 6.2
Originally Published: 2019-05-31
Article Number
Applies To
RSA Version/Condition: 6.2
Issue
17:11:40:004 [ssl] [DispatcherReg] - Starting the handshake...
Error connecting to the dispatcher at: axm-server:5607
No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
Retry in 10 seconds
The dispatcher.log shows the following exception.
sequence_number=2247,remote_client=169.254.185.199,2019-05-31 16:22:20:49
EDT,messageID=0,event_type=Error,description=Error reading client
input,error=javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
Cause
See Java 8 Release Highlights.
Resolution
Workaround
- Edit the java.security file (C:\Program Files\Java\jdk1.8.0_211\jre\lib\security\java.security).
- Modify the disabledAlgorithms section.
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL
- Remove the anon algorithm type.
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC, NULL
If the SSL TLS handshake completes correctly, it should show it using the TLS_DH_anon TLS protocol. (enable -DDEBUG=SSL to show SSL debugging.)
18:20:01:109 [ssl] [main] - Enabled protocols for socket: 18:20:01:109 [ssl] [main] - TLSv1,TLSv1.1,TLSv1.2, 18:20:01:109 [ssl] [main] - Adding the Handshake Completed Listener... 18:20:01:109 [ssl] [main] - Starting the handshake... 18:20:01:141 [ssl] [MuxStreamReader-0] - SSL Session info for: [Session-3, TLS_DH_anon_WITH_AES_128_CBC_SHA] 18:20:01:141 [ssl] [MuxStreamReader-0] - Cipher TLS_DH_anon_WITH_AES_128_CBC_SHA 18:20:01:141 [ssl] [MuxStreamReader-0] - Create: 1559341201125 18:20:01:141 [ssl] [MuxStreamReader-0] - ID: [B@6242b9a9 18:20:01:141 [ssl] [MuxStreamReader-0] - Last: 1559341201141 18:20:01:141 [ssl] [MuxStreamReader-0] - Context: sun.security.ssl.SSLSessionContextImpl@6c855b91 18:20:01:141 [ssl] [MuxStreamReader-0] - SSLPeerUnverifiedException encountered. 18:20:01:141 [ssl] [MuxStreamReader-0] - javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated 18:20:01:141 [ssl] [MuxStreamReader-0] - 18:20:01:141 [ssl] [HandshakeCompletedNotify-Thread] - SSLSocketFactory: SSL handshake completed. 18:20:01:141 [ssl] [HandshakeCompletedNotify-Thread] - SSL cipher suite: TLS_DH_anon_WITH_AES_128_CBC_SHA 18:20:01:141 [ssl] [HandshakeCompletedNotify-Thread] - SSL socket: class sun.security.ssl.SSLSocketImpl 18:20:01:141 [ssl] [HandshakeCompletedNotify-Thread] - SSL Session info for: [Session-4, TLS_DH_anon_WITH_AES_128_CBC_SHA] 18:20:01:141 [ssl] [HandshakeCompletedNotify-Thread] - Cipher TLS_DH_anon_WITH_AES_128_CBC_SHA
Related Articles
Software Token for Windwos DeskTop, SWTDT v. 5.0.2 and later “No token storage device was detected" after reboot due to ro… Number of Views Maximum number of tokens allowed to be imported into Software Token for Desktop 5.0 for RSA Authentication Manager Number of Views Windows desktop machine does not display last logged in user ID with RSA Authentication Agent 7.x for Microsoft Windows Number of Views Use a script that ignores rotated log files when gathering RSA Authentication Manager troubleshooting logs for RSA Technic… Number of Views RSA Agent 4.7 for Apache 2.2 fails install on SUSE 10.1 and RedHat 5 Number of Views
Trending Articles
RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide How to Download OTP Token Seed Files from myRSA Download RSA SecurID Access Cloud User Event audit logs using Cloud Administration REST API CLU How to factory reset an RSA Authentication Manager 8.x hardware appliance without a factory reset button from the Operatio…
Don't see what you're looking for?
