000038312 - SSL socket connection error with RSA Authentication Agent for Windows 7.3.1 [48] through 7.3.2 [80] and Authentication Manager 8.4 +

Document created by RSA Customer Support Employee on Jan 10, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000038312
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.4.
RSA Product/Service Type: Authentication Agent
RSA Version/Condition: 7.3.1 [48] through 7.3.2 [80] 
IssueAgent auto-registration functionality does not work properly with RSA Authentication Manager 8.4 and higher when using RSA Authentication Agent 7.3.1 [48] through 7.3.2 [80].

"RSA Authentication Agent versions 7.3.1 [48] through 7.3.2 [80] were linked with a BSAFE version where the TLS 1.2 handshake was broken but still worked by negotiating down to TLS 1.1"

Authentication Manager 8.4 and higher uses only TLS 1.2.

SSL Socket Connection Errors can be seen in the System Activity Monitor or by running a System Log Report via the Security Console.
2019-11-25 14:58:56WARN26246SSL Socket Connection ErrorSSL handshake exception occurred with the remote host “Agent IP Address” communicating over the SSL channel:“No shared ciphers for protocol”WarningRemote client communicates over unsupported SSL/TLS channel.SYSTEM
ResolutionDownload and install RSA Authentication Agents for Windows that is at least RSA Authentication agent 7.3.2 [85] for this particular problem.

More information can be found in article 000036579 - After upgrading to RSA Authentication Manager 8.3, the real time system log monitor shows error handling OA request: No shared ciphers for protocol.