Error "No appropriate protocol" in RSA Access Manager 6.2
Originally Published: 2019-05-31
Article Number
Applies To
RSA Version/Condition: 6.2
Issue
17:11:40:004 [ssl] [DispatcherReg] - Starting the handshake...
Error connecting to the dispatcher at: axm-server:5607
No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
Retry in 10 seconds
The dispatcher.log shows the following exception.
sequence_number=2247,remote_client=169.254.185.199,2019-05-31 16:22:20:49
EDT,messageID=0,event_type=Error,description=Error reading client
input,error=javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
Cause
See Java 8 Release Highlights.
Resolution
Workaround
- Edit the java.security file (C:\Program Files\Java\jdk1.8.0_211\jre\lib\security\java.security).
- Modify the disabledAlgorithms section.
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL
- Remove the anon algorithm type.
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC, NULL
If the SSL TLS handshake completes correctly, it should show it using the TLS_DH_anon TLS protocol. (enable -DDEBUG=SSL to show SSL debugging.)
18:20:01:109 [ssl] [main] - Enabled protocols for socket: 18:20:01:109 [ssl] [main] - TLSv1,TLSv1.1,TLSv1.2, 18:20:01:109 [ssl] [main] - Adding the Handshake Completed Listener... 18:20:01:109 [ssl] [main] - Starting the handshake... 18:20:01:141 [ssl] [MuxStreamReader-0] - SSL Session info for: [Session-3, TLS_DH_anon_WITH_AES_128_CBC_SHA] 18:20:01:141 [ssl] [MuxStreamReader-0] - Cipher TLS_DH_anon_WITH_AES_128_CBC_SHA 18:20:01:141 [ssl] [MuxStreamReader-0] - Create: 1559341201125 18:20:01:141 [ssl] [MuxStreamReader-0] - ID: [B@6242b9a9 18:20:01:141 [ssl] [MuxStreamReader-0] - Last: 1559341201141 18:20:01:141 [ssl] [MuxStreamReader-0] - Context: sun.security.ssl.SSLSessionContextImpl@6c855b91 18:20:01:141 [ssl] [MuxStreamReader-0] - SSLPeerUnverifiedException encountered. 18:20:01:141 [ssl] [MuxStreamReader-0] - javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated 18:20:01:141 [ssl] [MuxStreamReader-0] - 18:20:01:141 [ssl] [HandshakeCompletedNotify-Thread] - SSLSocketFactory: SSL handshake completed. 18:20:01:141 [ssl] [HandshakeCompletedNotify-Thread] - SSL cipher suite: TLS_DH_anon_WITH_AES_128_CBC_SHA 18:20:01:141 [ssl] [HandshakeCompletedNotify-Thread] - SSL socket: class sun.security.ssl.SSLSocketImpl 18:20:01:141 [ssl] [HandshakeCompletedNotify-Thread] - SSL Session info for: [Session-4, TLS_DH_anon_WITH_AES_128_CBC_SHA] 18:20:01:141 [ssl] [HandshakeCompletedNotify-Thread] - Cipher TLS_DH_anon_WITH_AES_128_CBC_SHA
Related Articles
RSA Governance & Lifecycle Recommended Practices: Collecting from Active Directory Number of Views RSA SecurID Authentication Agent 8.1 for PAM Installation and Configuration Guide for Oracle and RHEL (Japanese) Number of Views RSA MFA Agent 9.0 for PAM - Installation and Configuration Guide for SUSE Number of Views RSA SecurID Authentication Agent 8.1 for PAM Installation and Configuration Guide for Oracle and RHEL Number of Views RSA SecurID Authentication Agent 8.1 for PAM Installation and Configuration Guide for Solaris Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide How to install the jTDS JDBC driver on WildFly for use with Data Collections in RSA Identity Governance & Lifecycle Artifacts to gather in RSA Identity Governance & Lifecycle Unable to attach a replica instance due to a configuration error when enabling replication for the RADIUS server for RSA A…
Don't see what you're looking for?
