Troubleshooting

The following table lists some potential problems and resolutions you might encounter with the PingAccess agent for RHEL.

Issue Resolution

Issue	Resolution
Agent receives an unknown protocol error when attempting to contact the administrative node	This can indicate that the operating system is using sha1 for encryption. This protocol is no longer supported by default in PingAccess. We recommend switching to SHA-256. If you cannot switch to SHA-256 you can re-enable SHA-1: Open the `run.properties` file. Add TLSv1 to the protocol list. For example: tls.default.protocols=TLSv1, TLSv1.1, TLSv1.2, TLSv1.3 Add the SHA entries to the cipher suites list. For example: tls.default.cipherSuites = TLS_CHACHA20_POLY1305_SHA256,\ TLS_AES_256_GCM_SHA384,\ TLS_AES_128_GCM_SHA256,\ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,\ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,\ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,\ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,\ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,\ TLS_EMPTY_RENEGOTIATION_INFO_SCSV, \ TLS_RSA_WITH_AES_128_CBC_SHA, \ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, \ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, \ TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, \ TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA

Agent receives an unknown protocol error when attempting to contact the administrative node

This can indicate that the operating system is using sha1 for encryption. This protocol is no longer supported by default in PingAccess.

We recommend switching to SHA-256. If you cannot switch to SHA-256 you can re-enable SHA-1:

Open the run.properties file.

Add TLSv1 to the protocol list. For example:

tls.default.protocols=TLSv1, TLSv1.1, TLSv1.2, TLSv1.3

Add the SHA entries to the cipher suites list. For example:

tls.default.cipherSuites = TLS_CHACHA20_POLY1305_SHA256,\
                           TLS_AES_256_GCM_SHA384,\
                           TLS_AES_128_GCM_SHA256,\
                           TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,\
                           TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,\
                           TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,\
                           TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,\
                           TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,\
                           TLS_EMPTY_RENEGOTIATION_INFO_SCSV, \
                           TLS_RSA_WITH_AES_128_CBC_SHA, \
                           TLS_DHE_RSA_WITH_AES_128_CBC_SHA, \
                           TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, \
                           TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, \
                           TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA