|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1 SP 1 patch 13
|Issue||Secure Sockets Layer (SSL) connections use a protocol such as SSL version 3 or TLS version 1, and they use a cipher, such as RC4.|
RSA Authentication Manager products generally;
This article shows how to verify that the TLS 1.2 configuration is working correctly, and shows some useful testing and troubleshooting techniques using the openssl utility.
|Tasks||Find and use openssl 1.0.1, which is not in the SUSE Linux distribution that is provided with RSA Authentication Manager 8.1 SP1 patch 13 and earlier. |
The openssl version will display the version of your openssl distribution.
You can force openssl s_client to request a specific protocol such as TLS version 1.2 with the -tls1_2 switch. In this example, 192.168.2.30 is an RSA Authentication Manager 8.1 SP1 patch 13 appliance and :7004 is the port for the Security Console and Self-Service Console:
You will see a syntax error with openssl version 0.98 because TLS1.2 is not supported, so the -tls1_2 switch is an unknown option. The same command with openssl version 1.0.1 or later works, the option is known and recognized.
Scroll down to see:
|Notes||Enabling TLS1_2 mode on RSA Authentication Manager 8.1 SP1 patch 13 and later servers requires that RSA Authentication Agents for Windows that require autoregistration and offline data also be upgraded to RSA Authentication Agents for Windows 7.3 or later.|
Some openssl syntax examples:
See 000032627 - How to export RSA Authentication Manager 8.0 and 8.1 Web Tier Virtual Host Key Pair to a PFX file.