Auth Connector fails to connect to auth.threatpulse.net

Article ID: 175072


Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

The connection between Auth Connector and Web Security Service (WSS) does not seem to work correctly after you have installed Auth Connector successfully.

When you capture the traffic with Wireshark, you see an SSL handshake failure when the Auth Connector tries to establish an SSL handshake with the Web Security Service Authentication Manager, auth.threatpulse.net.

The Auth Connector client may not have the supported ciphers needed to connect to the Web Security Service Authentication Manager, auth.threatpulse.net.

Here is an example of the BCCA (Auth Connector) debug error:

2019/06/05 05:06:56.385 [1640] [2160:1640] SSL negotiate: AcceptSecurityContext failed: 0x80090326; status=-2146893018:0x80090326:The message received was unexpected or badly formatted.
2019/06/05 05:06:56.385 [1640] [2160:1640] SSL setup failed; status=-2146893018:0x80090326:The message received was unexpected or badly formatted.

2019/06/05 05:06:56.385 [1640] SSL failed: bailout -2146893018(0x80090326)
2019/06/05 05:06:56.385 [1640] [2160:1640] Failed to establish SSL connection.; status=-2146893018:0x80090326:The message received was unexpected or badly formatted.

 

 

Environment

Web Security Service

Cause

Some customers may have a strict policy on their servers and may have disabled most of the 128-bit and 256-bit ciphers.

At the time of writing of this article, on May 6th 2019, the supported ciphers are:

TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)   
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33)   
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)   
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39)   
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)   
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) 

Resolution

Make sure your Auth Connector host supports the ciphers listed above and uses them during the SSL handshake with the Web Security Service Authentication Manager.
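
One way to run this check on the Auth Connector host is shown below. This is an added example, not part of the original article or of the product: it compares the cipher suites enabled in Schannel with the six suites listed under Cause. It assumes a Windows host on which the Get-TlsCipherSuite cmdlet is available (Windows Server 2016 / Windows 10 or later) and that the Auth Connector uses the operating system's Schannel settings, as the AcceptSecurityContext error in the debug log suggests.

```powershell
# Added example: compare the cipher suites enabled in Schannel on this host
# with the six suites the article lists (names and code points from the article).
$wanted = [ordered]@{
    'TLS_RSA_WITH_AES_128_CBC_SHA'      = 0x2f
    'TLS_DHE_RSA_WITH_AES_128_CBC_SHA'  = 0x33
    'TLS_RSA_WITH_AES_256_CBC_SHA'      = 0x35
    'TLS_DHE_RSA_WITH_AES_256_CBC_SHA'  = 0x39
    'TLS_RSA_WITH_3DES_EDE_CBC_SHA'     = 0x0a
    'TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA' = 0x16
}

# Assumption: the TLS module cmdlet exists on this host (Server 2016 / Windows 10+).
if (-not (Get-Command Get-TlsCipherSuite -ErrorAction SilentlyContinue)) {
    throw 'Get-TlsCipherSuite is not available on this host.'
}
$enabled = Get-TlsCipherSuite

# Build one row per listed suite, matching on code point or on name.
$report = foreach ($name in $wanted.Keys) {
    $id    = $wanted[$name]
    $match = $enabled |
        Where-Object { $_.CipherSuite -eq $id -or $_.Name -eq $name } |
        Select-Object -First 1
    [pscustomobject]@{
        CipherSuite = $name
        CodePoint   = '0x{0:x}' -f $id
        Enabled     = [bool]$match
    }
}

$report | Format-Table -AutoSize

# The handshake needs at least one suite in common with the listed set.
if (-not ($report | Where-Object Enabled)) {
    Write-Warning 'None of the listed cipher suites is enabled on this host.'
}
```

If every row shows Enabled as False, the host has no suite in common with the list in this article, which is consistent with the handshake failure in the debug log.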