Agent receives an unknown protocol error when attempting to contact the
administrative node |
This can indicate that the operating system is using sha1 for encryption.
This protocol is no longer supported by default in PingAccess.
We recommend switching to SHA-256. If you cannot switch to SHA-256 you
can re-enable SHA-1:
- Open the run.properties file.
- Add TLSv1 to the protocol list. For
example,
tls.default.protocols=TLSv1, TLSv1.1, TLSv1.2, TLSv1.3
- Add the SHA entries to the cipher suites list. For
example,
tls.default.cipherSuites = TLS_CHACHA20_POLY1305_SHA256,\
TLS_AES_256_GCM_SHA384,\
TLS_AES_128_GCM_SHA256,\
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,\
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,\
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,\
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,\
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,\
TLS_EMPTY_RENEGOTIATION_INFO_SCSV, \
TLS_RSA_WITH_AES_128_CBC_SHA, \
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, \
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, \
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, \
TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
|