RSA Product Set: SecurID
RSA Product/Service Type: Authentication Agent for Windows
RSA Version/Condition: 7.2
An administrator updated the RSA Authentication Manager deployment running 8.2 software to version 8.3 but older RSA Authentication Agent for Windows software is being used on Windows platforms.
The following error is seen in the system activity monitor:
SSL handshake exception occurred with the remote host "xxx.xxx.xx.xxx" communicating over the SSL channel:"SSLv3" Activity Result Key: Warning Result: Remote client communicates over unsupported SSL/TLS channel. Administrator User ID: SYSTEM Activity Key: SSL Socket Connection Error
Authentications sent from the RSA Authentication Agent for Windows software still get successfully processed by the Authentication Manager deployment, however the offline authentication data fails to download to the older RSA Authentication Agent for Windows.
Only newer, supported versions of RSA Authentication Agent for Windows running the RSA Authentication Agent Offline Local service are able to negotiate a secure communications channel using TLS to port 5580 TCP on an Authentication Manager instance.
Customers are advised to update deployed RSA Authentication Agent software to RSA Authentication Agent 7.4 for Windows.
Where offline authentication data is not required, an administrator can stop the RSA Authentication Agent Offline Local service and set the service to manual to stop it from contacting the Authentication Manager deployment on port 5580 TCP and eliminating the SSL Socket Connection Error messages from the system monitor/log.
The EOPS date for the RSA Authentication Agent 7.2.x for Microsoft Windows was June 2017. See the End of Primary Support information for RSA Authentication Agent for Windows