Issue Resolution

Agent receives an unknown protocol error when attempting to contact the administrative node

This can indicate that the operating system is using sha1 for encryption. This protocol is no longer supported by default in PingAccess.

We recommend switching to SHA-256. If you cannot switch to SHA-256, you can re-enable SHA-1:

  1. Open the run.properties file.
  2. Add TLSv1 to the protocol list.
    tls.default.protocols=TLSv1, TLSv1.1, TLSv1.2, TLSv1.3
  3. Add the SHA entries to the cipher suites list.
    tls.default.cipherSuites = TLS_CHACHA20_POLY1305_SHA256,\
                               TLS_AES_256_GCM_SHA384,\
                               TLS_AES_128_GCM_SHA256,\
                               TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,\
                               TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,\
                               TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,\
                               TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,\
                               TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,\
                               TLS_EMPTY_RENEGOTIATION_INFO_SCSV, \
                               TLS_RSA_WITH_AES_128_CBC_SHA, \
                               TLS_DHE_RSA_WITH_AES_128_CBC_SHA, \
                               TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, \
                               TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, \
                               TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA