This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Register Now
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

RSA® Access Manager Knowledge Base

Find answers to your questions and identify resolutions for known issues with knowledge base articles written by RSA Access Manager experts.

RSA Access Manager Certificate based authentication fails with IE 11 browser

Article Number

000012626

Applies To

Internet Explorer 11 (IE11)
RSA Access Manager Agent 4.7 for BEA WebLogic 10

Issue

RSA Access Manager Certificate based authentication fails with IE 11 browser
The WebLogic system.log shows the following error message:
<Nov 29, 2013 12:48:29 PM EST> <Warning> <Security> <BEA-090476> <Invalid/unknown SSL header was received from peer h69-130-142-207.prsstn.broadband.dynamic.tds.net - 69.130.142.207 during SSL handshake.>
java.lang.ArrayIndexOutOfBoundsException: 0
        at com.rsa.cleartrust.webfilter.AuthenticationService.doAuthentication(Unknown Source)

RSA Access Manger shows an access denied error.

Cause

The default settings for Internet Explorer 11 selects TLS 1.2 as the default SSL handshake mechanism.  WebLogic 10.3.x versions using JDK 1.6 or earlier only support "SSL 3.0" and "TLS 1.0"

Resolution

Under Internet Explorer "Internet Options" "Advanced", disable "TSL 1.1" and "TLS 1.2".  This will cause WebLogic to negotiate a "TLS 1.0" SSL handshake.
Upgrade the WebLogic JDK to Java 1.7 or greater.  Note that this may require an upgrade to your WebLogic version.

Notes

See Oracle Doc ID 1372247.1, or Doc ID 1548475.1 
0 Likes
Was this article helpful? Yes No
No ratings

In this article

Version history
Last update:
‎2020-12-13 07:09 AM
Updated by:
Administrator Administrator

Related Content

© 2023 RSA Security LLC or its affiliates. All rights reserved.