This issue may occur if a firewall rule on a customer network appliance is actively blocking SSL connections on port 8444.
This connection failure is similar to other SSL connection issues between AFX and RSA Identity Governance & Lifecycle except there are no additional details about the reasons for the SSL failure. The certificates may be correct but the SSL connection is being abandoned before the SSL handshake can be completed. The only failure is the SocketException.
A packet capture on the remote AFX Server will show that the SSL Client Hello is being sent to RSA Identity Governance & Lifecycle but the TCP transmission is being terminated by an RST packet inserted into the network stream.
1 2020-08-07 10:20:11.892861 10.10.10.1 56036 10.10.10.10 8444 TCP 76 56036 → 8444 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 TSval=1845193795 TSecr=0 WS=512
2 2020-08-07 10:20:11.893467 10.10.10.10 8444 10.10.10.1 56036 TCP 68 8444 → 56036 [SYN, ACK] Seq=0 Ack=1 Win=29200 Len=0 MSS=1460 SACK_PERM=1 WS=512
3 2020-08-07 10:20:11.893484 10.10.10.1 56036 10.10.10.10 8444 TCP 56 56036 → 8444 [ACK] Seq=1 Ack=1 Win=29696 Len=0
4 2020-08-07 10:20:11.897759 10.10.10.1 56036 10.10.10.10 8444 TLSv1 303 Client Hello
5 2020-08-07 10:20:11.898108 10.10.10.10 8444 10.10.10.1 56036 TCP 62 8444 → 56036 [RST, ACK] Seq=1 Ack=248 Win=29696 Len=0
A packet capture on the RSA Identity Governance & Lifecycle server will show that the SSL Client Hello message did not reach the AFX Server and that the TCP transmission was terminated by an RST packet that was inserted into the network stream.
100 2020-08-07 11:04:54.437776 10.10.10.1 56870 10.10.10.10 8444 TCP 76 56870 → 8444 [SYN] Seq=0 Win=29200 Len=0 MSS=1460 SACK_PERM=1 WS=512
102 2020-08-07 11:04:54.438132 10.10.10.1 56870 10.10.10.10 8444 TCP 62 56870 → 8444 [ACK] Seq=1 Ack=1 Win=29696 Len=0
103 2020-08-07 11:04:54.442732 10.10.10.1 56870 10.10.10.10 8444 TCP 62 56870 → 8444 [RST, ACK] Seq=1 Ack=1 Win=29696 Len=0
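The comparison of the two captures described above can be scripted. The following Python script is an added example, not part of the original article or of any RSA tooling; the function names resets and looks_injected are hypothetical, and the sample rows are abridged from the captures shown above. It assumes a text export with the same column order as those captures.

```python
# Added example: rows abridged from the article's two captures (TCP options trimmed).
AFX_SIDE = """\
1 2020-08-07 10:20:11.892861 10.10.10.1 56036 10.10.10.10 8444 TCP 76 56036 → 8444 [SYN] Seq=0
2 2020-08-07 10:20:11.893467 10.10.10.10 8444 10.10.10.1 56036 TCP 68 8444 → 56036 [SYN, ACK] Seq=0 Ack=1
3 2020-08-07 10:20:11.893484 10.10.10.1 56036 10.10.10.10 8444 TCP 56 56036 → 8444 [ACK] Seq=1 Ack=1
4 2020-08-07 10:20:11.897759 10.10.10.1 56036 10.10.10.10 8444 TLSv1 303 Client Hello
5 2020-08-07 10:20:11.898108 10.10.10.10 8444 10.10.10.1 56036 TCP 62 8444 → 56036 [RST, ACK] Seq=1 Ack=248
"""
IGL_SIDE = """\
100 2020-08-07 11:04:54.437776 10.10.10.1 56870 10.10.10.10 8444 TCP 76 56870 → 8444 [SYN] Seq=0
102 2020-08-07 11:04:54.438132 10.10.10.1 56870 10.10.10.10 8444 TCP 62 56870 → 8444 [ACK] Seq=1 Ack=1
103 2020-08-07 11:04:54.442732 10.10.10.1 56870 10.10.10.10 8444 TCP 62 56870 → 8444 [RST, ACK] Seq=1 Ack=1
"""
PORT = "8444"  # service port named in the article

def resets(text, port=PORT):
    """Map client port -> (RST source side, Client Hello seen) for flows reset before any TLS reply."""
    flows = {}
    for line in text.splitlines():
        f = line.split(None, 9)  # no, date, time, src, sport, dst, dport, proto, len, info
        if len(f) < 10 or port not in (f[4], f[6]):
            continue  # malformed row or traffic unrelated to the service port
        to_server = f[6] == port
        st = flows.setdefault(f[4] if to_server else f[6],
                              {"hello": False, "reply": False, "rst": None})
        if "Client Hello" in f[9]:
            st["hello"] = True
        elif f[7].startswith(("TLS", "SSL")) and not to_server:
            st["reply"] = True  # the server answered at the TLS layer
        elif "RST" in f[9] and st["rst"] is None:
            st["rst"] = "client" if to_server else "server"  # first reset only
    return {p: (s["rst"], s["hello"]) for p, s in flows.items() if s["rst"] and not s["reply"]}

def looks_injected(client_capture, server_capture):
    """True when each endpoint sees the reset arrive from the other side.

    Assumption of this example: the captures may cover different attempts
    (as in the article), so the comparison is by pattern, not by flow.
    """
    from_server = any(src == "server" for src, _ in resets(client_capture).values())
    from_client = any(src == "client" for src, _ in resets(server_capture).values())
    return from_server and from_client

if __name__ == "__main__":
    print(resets(AFX_SIDE))
    print(resets(IGL_SIDE))
    print(looks_injected(AFX_SIDE, IGL_SIDE))
```

When both captures attribute the first RST to the opposite endpoint and neither shows a TLS reply, the reset most likely originates from a device in the path, which matches the firewall cause described at the top of this article.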