000036579 - After upgrading to RSA Authentication Manager 8.3, the real time system log monitor shows error handling OA request: No shared ciphers for protocol

Document created by RSA Customer Support Employee on Aug 2, 2018
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000036579
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.3

IssueAfter upgrading to RSA Authentication Manager 8.3, the system logs and real time  authentication activity monitor shows the following warning message:
Error handling OA request: No shared ciphers for protocol


[OARequestHandler8], (RequestReceiver.java:41), trace.com.rsa.authmgr.internal.oa.RequestReceiver, ERROR, doaisd6520.state.mt.ads,,,,Error handling OA request

javax.net.ssl.SSLException: No shared ciphers for protocol

at com.rsa.sslj.x.aG.b(Unknown Source)

... at com.rsa.authmgr.internal.common.server.TCPServer$TCPServerThread.run(TCPServer.java:764)

Caused by: com.rsa.sslj.x.aJ: No shared ciphers for protocol

at com.rsa.sslj.x.b
G.j(Unknown Source)

No Cipher
CauseRSA Authentication Agent versions 7.3.1 [48] through 7.3.2 [80] were linked with a BSAFE version where the TLS 1.2 handshake was somehow broken but still worked by negotiating down to TLS 1.1. The Authentication Manager 8.3 servers now log these re-negotiation cipher error messages as warnings. 
ResolutionUpgrade your Windows agents to the latest version; that is, an agent later than 7.3.2 [85] for this particular problem.

As of August 2018:  For various offline dayfile download issues, contact RSA Customer Support and request RSA Authentication Agent 7.3.3 [120] or later.

WorkaroundWorkarounds are not recommended here because they would involve lowering the Logging level below Fatal and would result in losing other important log information.