RSA Access Manager Certificate based authentication fails with IE 11 browser
Internet Explorer 11 (IE11) RSA Access Manager Agent 4.7 for BEA WebLogic 10
RSA Access Manager Certificate based authentication fails with IE 11 browser The WebLogic system.log shows the following error message:
<Nov 29, 2013 12:48:29 PM EST> <Warning> <Security> <BEA-090476> <Invalid/unknown SSL header was received from peer h69-130-142-207.prsstn.broadband.dynamic.tds.net - 18.104.22.168 during SSL handshake.>
at com.rsa.cleartrust.webfilter.AuthenticationService.doAuthentication(Unknown Source)
RSA Access Manger shows an access denied error.
The default settings for Internet Explorer 11 selects TLS 1.2 as the default SSL handshake mechanism. WebLogic 10.3.x versions using JDK 1.6 or earlier only support "SSL 3.0" and "TLS 1.0"
Under Internet Explorer "Internet Options" "Advanced", disable "TSL 1.1" and "TLS 1.2". This will cause WebLogic to negotiate a "TLS 1.0" SSL handshake. Upgrade the WebLogic JDK to Java 1.7 or greater. Note that this may require an upgrade to your WebLogic version.