How to check for available SSL/TLS protocols and ciphers for a specific port in RSA Authentication Manager 8.x
Originally Published: 2016-04-22
Article Number
Applies To
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.x
Issue
Resolution
- Download the TestSSLServer.jar that is attached to this article.
- Move the file to any server with Java installed that can also connect to the desired server and port.
- Run the command java -jar TestSSLServer.jar <server_name_or_ip> <port> from the directory where you have placed the file. For example,
The output will show the available protocols and ports. Here is an example of how the output might look:
# java -jar TestSSLServer.jar am81p.vcloud.local 7002
Supported versions: SSLv3 TLSv1.0 TLSv1.1 TLSv1.2
Deflate compression: no
Supported cipher suites (ORDER IS NOT SIGNIFICANT):
SSLv3
RSA_WITH_AES_128_CBC_SHA
RSA_WITH_AES_256_CBC_SHA
(TLSv1.0: idem)
(TLSv1.1: idem)
TLSv1.2
RSA_WITH_AES_128_CBC_SHA
RSA_WITH_AES_256_CBC_SHA
RSA_WITH_AES_128_CBC_SHA256
RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
----------------------
Server certificate(s):
d887fe3c5b9f7597c32b1c569e0dc3c219bd7cb2: SERIALNUMBER=04f93769869b944d3817e9327f809f4a9e864db0adb54067a077469629781cdc, CN=am81p.vcloud.local
----------------------
Minimal encryption strength: strong encryption (96-bit or more)
Achievable encryption strength: strong encryption (96-bit or more)
BEAST status: vulnerable
CRIME status: protected
In this example:
- SSLv3 is enabled with ciphers RSA_WITH_AES_128_CBC_SHA, and RSA_WITH_AES_256_CBC_SHA.
- (TLSv1.0: idem) line means that TLS 1.0 is also supported, with exactly the same list of cipher suites (and selection algorithm) as SSLv3; otherwise, TestSSLServer would have listed the suite in the same way as it did for SSLv3.
- (TLSv1.1: idem) line means that TLS 1.1 is also supported, with exactly the same list of cipher suites (and selection algorithm) as SSLv3; otherwise, TestSSLServer would have listed the suite in the same way as it did for SSLv3.
- TLSv1.2 is enabled with ciphers RSA_WITH_AES_128_CBC_SHA, RSA_WITH_AES_256_CBC_SHA, RSA_WITH_AES_128_CBC_SHA256, RSA_WITH_AES_256_CBC_SHA256, and TLS_RSA_WITH_AES_128_GCM_SHA256.
Attachments
If the attachment does not open when clicked, please refresh the page and try again. You must be logged into view the file(s).
Related Articles
Identity Management and Governance: No available certificate or key corresponds to the SSL cipher suites which are enabled. Number of Views How to disable a weak certificate on TCP ports 5550 and 5580 (CVE-2004-2761, CVE-2005-4900) Number of Views Checking the SSL ciphers suites used by RSA Authentication Manager 8.2-8.7 SP2 Number of Views How to check if NTP is working on your RSA SecurID Access Identity Router Number of Views How to check/restart the Webtier services deployed on a Linux machine in RSA Authentication Manager 8.x Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide RSA-2026-07: RSA Authentication Manager Security Update for Third-Party Component Vulnerabilities Downloading RSA Authentication Manager license files or RSA Software token seed records RSA MFA Agent 2.5 for Microsoft Windows Installation and Administration Guide
Don't see what you're looking for?
