000014122 - RKM Java Client 1.5.2.2: Connection fails when Web server has RC4 disabled

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000014122
Applies ToRSA Key Manager Java Client 1.5.2.x
Java
IssueRKM Java Client 1.5.2.2: Connection fails when Web server has RC4 disabled

IIS has RC4 disabled as described at http://support.microsoft.com/kb/245030:

Run regedit and open HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers.

For each of these ciphers:

  RC4 128/128
  RC4 40/128
  RC4 56/128

Create a new DWORD value named "Enabled" and set its value to 0 (or 0x 00 00 00 00).


com.rsa.kmclient.KMSConnection : Connect start
com.rsa.kmclient.KMSConnection : Set SSLParams
com.rsa.kmclient.KMSConnection : Seeded PRNG
com.rsa.kmclient.KMSConnection : Added CA Certificate to SSL Params
com.rsa.kmclient.KMSConnection : Cert chain level : 1
com.rsa.kmclient.KMSConnection : Connection step1
com.rsa.kmclient.KMSConnection : Connection step2
com.rsa.kmclient.KMSConnection : Connection step3
com.rsa.kmclient.KMSConnection : Connection step4
com.rsa.kmclient.KMSConnection : Time took to connect to KMS Server : 0 millisec

com.rsa.kmclient.KMSConnection : Connection step5
com.rsa.kmclient.KMSConnection : Time took to error out of KMS Server : 0 millis
ec
com.rsa.kmclient.KMSConnection : KMS Server connection failed . error : Could no
t establish connection
com.rsa.ssl.SSLException: Could not establish connection
        at com.rsa.ssl.common.ClientProtocol.sendHello(Unknown Source)
        at com.rsa.ssl.common.ClientProtocol.startHandshake(Unknown Source)
        at com.rsa.ssl.SSLSocket.getInputStream(Unknown Source)
        at com.rsa.kmclient.KMSConnection.connect(Unknown Source)
        at com.rsa.kmclient.KMClient.b(Unknown Source)
        at com.rsa.kmclient.KMClient.getKey(Unknown Source)
        at GetKeyNoKeyID.main(Unknown Source)
com.rsa.kmclient.KMClient : getKeyFromServer: KMS connect failed : KMS Server co
nnection failed : Could not establish connection
com.rsa.kmclient.KMSException: KMS Server connection failed : Could not establis
h connection
        at com.rsa.kmclient.KMSConnection.connect(Unknown Source)
        at com.rsa.kmclient.KMClient.b(Unknown Source)
        at com.rsa.kmclient.KMClient.getKey(Unknown Source)
        at GetKeyNoKeyID.main(Unknown Source)

ResolutionIn RKM Java Client 1.5.2.2 and earlier, only RC4 cipher suites were specified for the SSL handshake.  Upgrade to RKM Java Client 1.5.2.2.1 or higher, which specifies additional cipher suites for the SSL handshake.
Legacy Article IDa43066

Attachments

    Outcomes