000012626 - RSA Access Manager Certificate based authentication fails with IE 11 browser

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000012626
Applies ToInternet Explorer 11 (IE11)
RSA Access Manager Agent 4.7 for BEA WebLogic 10
IssueRSA Access Manager Certificate based authentication fails with IE 11 browser
The WebLogic system.log shows the following error message:

<Nov 29, 2013 12:48:29 PM EST> <Warning> <Security> <BEA-090476> <Invalid/unknown SSL header was received from peer h69-130-142-207.prsstn.broadband.dynamic.tds.net - 69.130.142.207 during SSL handshake.>

java.lang.ArrayIndexOutOfBoundsException: 0

        at com.rsa.cleartrust.webfilter.AuthenticationService.doAuthentication(Unknown Source)


RSA Access Manger shows an access denied error.
CauseThe default settings for Internet Explorer 11 selects TLS 1.2 as the default SSL handshake mechanism.  WebLogic 10.3.x versions using JDK 1.6 or earlier only support "SSL 3.0" and "TLS 1.0"
ResolutionUnder Internet Explorer "Internet Options" "Advanced", disable "TSL 1.1" and "TLS 1.2".  This will cause WebLogic to negotiate a "TLS 1.0" SSL handshake.
Upgrade the WebLogic JDK to Java 1.7 or greater.  Note that this may require an upgrade to your WebLogic version.
NotesSee Oracle Doc ID 1372247.1, or Doc ID 1548475.1 
Legacy Article IDa63186

Attachments

    Outcomes