000025833 - Error: 'SSL handshake failed: Bad hello. Probably not an SSL connection.' in RSA ClearTrust

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025833
Applies ToRSA ClearTrust 5.0.1 Authorization Server (AServer)
IssueError: "SSL handshake failed: Bad hello. Probably not an SSL connection." in RSA ClearTrust
The displatcher.log file shows the following error message:
2003-07-08 13:05:34:734 MDT,Event Type = ,Error,Event Description = ,Error handling client connection,Error = ,java.io.IOException: the SSL handshake failed: Bad hello.  Probably not an SSL connection
CauseA ClearTrust Agent or auth server is attempting to contact the dispatcher using CLEAR authentication when the dispatcher is configured for ANON or AUTH
ResolutionTo correct this issue, ensure that all Web agents are configured with the correct setting for cleartrust.agent.ssl.use= parameter.

Also, ensure that all auth servers are configured with the correct setting for cleartrust.net.ssl.use= parameter.

Lastly, ensure there are no unknown or unauthorized Web agents attempting to contact the dispatcher. Use 'netstat' or packet trace to identify connections on port 5606 from deprecated agents. To identify location of offending Web agnet, use netstat to look for unknown hosts connecting to the dispatcher server on port 5608.
WorkaroundInstalled RSA ClearTrust Agent
Legacy Article IDa17832