|Applies To||RSA Product Set: SecurID; RSA Product/Service Type: Authentication Manager; RSA Version/Condition: 8.1|
|Issue||Access to the Authentication Manager 8.1 Security Console was lost after disabling the RC4 ciphers in client browsers or computers.|
|Tasks||To resolve this issue, the following tasks must be performed:|
|Resolution||The steps below disable the RC4 cipher in a browser so that it does not negotiate RC4 ciphers when connecting to the Authentication Manager Security Console. The Authentication Manager server must also be configured to support non-RC4 ciphers. The outline follows.|
Browsers can be configured to use non-RC4 ciphers. These connections from the client workstation to the Authentication Manager consoles can be established via TLS and AES ciphers.
Some argue that the most secure mode possible is TLS 1.2 using RC4-128-SHA1. However, once the RC4 ciphers are disabled, the connection will fail unless you enable another cipher, such as AES, for the Authentication Manager console in the config.xml file.
The steps to disable RC4 ciphers in browsers are below.
Microsoft Internet Explorer 11
On the PC running the browser, open regedit and do the following:
Mozilla Firefox 33
On the PC running the browser, launch Firefox and do the following:
cat config.xml | grep AES
./rsaserv restart all
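The following check is an added example, not part of the original article or RSA's tooling. It models why a client with RC4 disabled loses access when the server enables only RC4, and provides a probe that performs a real handshake with RC4 refused so the result can be confirmed after the restart. The two server suite lists are constructed stand-ins (they are not read from config.xml), and the host name, port and CA file in the commented call are hypothetical.

```python
import socket
import ssl

NO_RC4 = "HIGH:!RC4:!aNULL:!eNULL"  # OpenSSL cipher string: strong suites, RC4 refused

def client_offer(cipher_string=NO_RC4):
    """Suites (OpenSSL names) offered by a client that has RC4 disabled."""
    ctx = ssl.create_default_context()
    ctx.set_ciphers(cipher_string)
    return [c["name"] for c in ctx.get_ciphers()]

def negotiate(offer, server_enabled):
    """Server-preference selection: first enabled suite the client also offers.

    Returns None when there is no overlap, which is the lost-access case.
    """
    offered = set(offer)
    return next((s for s in server_enabled if s in offered), None)

def probe(host, port, cafile=None, timeout=5.0):
    """Real handshake with RC4 refused. Returns (protocol, cipher, bits).

    Raises ssl.SSLError if the server shares no non-RC4 suite with the
    client. Pass cafile if the console certificate is not publicly trusted.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.set_ciphers(NO_RC4)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            name, proto, bits = tls.cipher()
            return proto, name, bits

# Constructed stand-ins for the console's enabled suites (assumption).
SERVER_RC4_ONLY = ["RC4-SHA", "RC4-MD5"]
SERVER_WITH_AES = ["AES128-SHA", "AES256-SHA", "RC4-SHA"]

if __name__ == "__main__":
    offer = client_offer()
    print("RC4-only server  :", negotiate(offer, SERVER_RC4_ONLY))
    print("AES-enabled server:", negotiate(offer, SERVER_WITH_AES))
    # Hypothetical host, port and CA file; replace with your console's values.
    # print(probe("am-console.example.com", 443, cafile="console-ca.pem"))
```

A `None` result from `negotiate` corresponds to the failed connection described in the Issue row; `probe` reports the protocol and cipher the console actually selects.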