000028914 - How to get the RKM 1.5 Java client work with the 3.5.2 DPM appliance?

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000028914
Applies ToRSA Product Set: Key Manager
RSA Product/Service Type: Key Manager Appliance
RSA Version/Condition: 3.5.2
Platform: Linux
Platform (Other): null
O/S Version: null
Product Name: null
Product Description: null
IssueGetting the following error when trying to get a key using the 1.5 Java client against a 3.5.2 DPM Appliance:
com.rsa.ssl.AlertedException: Handshake Failure.  No supported cipher suites
    at com.rsa.ssl.common.ClientProtocol.sendHello(Unknown Source)
    at com.rsa.ssl.common.ClientProtocol.startHandshake(Unknown Source)
    at com.rsa.ssl.SSLSocket.getInputStream(Unknown Source)
    at com.rsa.kmclient.KMSConnection.connect(Unknown Source)
    at com.rsa.kmclient.KMClient.b(Unknown Source)
    at com.rsa.kmclient.KMClient.getKey(Unknown Source)
    at GetKeyWithKeyID.main(GetKeyWithKeyID.java:55)
com.rsa.kmclient.KMClient : getKeyFromServer: KMS connect failed : KMS Server connection failed : Handshake Failure.  No supported cipher suites
com.rsa.kmclient.KMSException: KMS Server connection failed : Handshake Failure.  No supported cipher suites
    at com.rsa.kmclient.KMSConnection.connect(Unknown Source)
    at com.rsa.kmclient.KMClient.b(Unknown Source)
    at com.rsa.kmclient.KMClient.getKey(Unknown Source)
    at GetKeyWithKeyID.main(GetKeyWithKeyID.java:55)
com.rsa.kmclient.KMClient : getKey : Unable to get a vaild key from KMS Server: Unable to connect to KMS Server after 0 retries : KMS Server connection failed : Handshake Failure.  No supported cipher suites
com.rsa.kmclient.KMSException: Unable to connect to KMS Server after 0 retries : KMS Server connection failed : Handshake Failure.  No supported cipher suites
    at com.rsa.kmclient.KMClient.b(Unknown Source)
    at com.rsa.kmclient.KMClient.getKey(Unknown Source)
    at GetKeyWithKeyID.main(GetKeyWithKeyID.java:55)
com.rsa.kmclient.KMSException: Unable to get a vaild key from KMS Server: Unable to connect to KMS Server after 0 retries : KMS Server connection failed : Handshake Failure.  No supported cipher suites
    at com.rsa.kmclient.KMClient.getKey(Unknown Source)
    at GetKeyWithKeyID.main(GetKeyWithKeyID.java:55)


 
ResolutionEdit the file /etc/httpd/conf.d/ssl.conf
Append the value "AES-SHA" to the SSLCipherSuite parameter and restart Apache (service httpd restart)

Attachments

    Outcomes