Troubleshooting
The following list indicates potential problems and resolutions you might encounter with the PingAccess agent for RHEL.
- Agent receives an unknown protocol error when attempting to contact the administrative node
-
This can indicate that the operating system is using sha1 for encryption. This protocol is no longer supported by default in PingAccess.
We recommend switching to SHA-256. If you cannot switch to SHA-256 you can re-enable SHA-1:
-
Open the
run.properties
file. -
Add TLSv1 to the protocol list. For example,
tls.default.protocols=TLSv1, TLSv1.1, TLSv1.2, TLSv1.3
-
Add the SHA entries to the cipher suites list. For example,
tls.default.cipherSuites = TLS_CHACHA20_POLY1305_SHA256,\ TLS_AES_256_GCM_SHA384,\ TLS_AES_128_GCM_SHA256,\ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,\ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,\ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,\ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,\ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,\ TLS_EMPTY_RENEGOTIATION_INFO_SCSV, \ TLS_RSA_WITH_AES_128_CBC_SHA, \ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, \ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, \ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, \ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
-