000030287 - Cannot access Security and Operations Console in AM 7.1

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000030287
Applies ToAM 7.1 SP4
IssueWhen attempting to access the security and operations consoles in AM 7.1, you encounter one of the following error:



In Firefox, it states:

Secure Connection Failed



An error occurred during a connection to <hostname>:7004. Cannot communicate securely with peer: no common encryption algorithm(s). (Error code: ssl_error_no_cypher_overlap)



    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.

    Please contact the website owners to inform them of this problem.



In IE, it states:

This page can’t be displayed

Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://<hostname>:7004  again. If this error persists, contact your site administrator.



In Chrome, it states:

This webpage is not available

ERR_SSL_VERSION_OR_CIPHER_MISMATCH



Click on the details hyper-link, it says: A secure connection cannot be established because this site uses an unsupported protocol.
Resolution



Solution

AM 7.1 reached end-of-life on December 31st.  Please upgrade to at least AM 7.1 SP4 Patch 36 or migrate to the latest version of AM 8.1 to get the fix for this issue.



In AM 7.1 SP4 Patch 36, it contains the following fix:

AM-28570 - Limits certain ports used for https browser connections to use only TLSv1. This addresses the POODLE vulnerability (CVE-2014-3566) associated with padding in messages encrypted by CBC ciphers under SSLv3. This fix must be applied to all primary and replica systems. 
WorkaroundWorkaround in Firefox



Enter "about:config" (without quotes) in the addressbar, and change the following values



security.tls.version.min set it to 0 

security.tls.version.fallback-limit set it to 0 



After saving these changes, please try to access the security and/or operations console again.   Once the AM environment has upgraded to at least AM 7.1 SP4 Patch 36, please revert the changes made in Firefox.
**Please note that this may technically lower the security of the browser so it is advised to load patch 36 (or newer) as soon as possible. 

Attachments

    Outcomes