PingAccess

Troubleshooting

The following list indicates potential problems and resolutions you might encounter with the PingAccess agent for RHEL.

Agent receives an unknown protocol error when attempting to contact the administrative node

This can indicate that the operating system is using sha1 for encryption. This protocol is no longer supported by default in PingAccess.

We recommend switching to SHA-256. If you cannot switch to SHA-256 you can re-enable SHA-1:

  1. Open the run.properties file.

  2. Add TLSv1 to the protocol list. For example,

    tls.default.protocols=TLSv1, TLSv1.1, TLSv1.2, TLSv1.3

  3. Add the SHA entries to the cipher suites list. For example,

    tls.default.cipherSuites = TLS_CHACHA20_POLY1305_SHA256,\
                           TLS_AES_256_GCM_SHA384,\
                           TLS_AES_128_GCM_SHA256,\
                           TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,\
                           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,\
                           TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,\
                           TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,\
                           TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,\
                           TLS_EMPTY_RENEGOTIATION_INFO_SCSV, \
                           TLS_RSA_WITH_AES_128_CBC_SHA, \
                           TLS_DHE_RSA_WITH_AES_128_CBC_SHA, \
                           TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, \
                           TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, \
                           TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA