Accessing a secure CA Process Automation via FireFox fails

book

Article ID: 18515

calendar_today

Updated On:

Products

CA Workload Automation AE - Business Agents (AutoSys) CA Workload Automation AE - Scheduler (AutoSys) CA Workload Automation Agent CA Process Automation Base

Issue/Introduction

Description:

When attempting to access a secure CA Process Automation using a FireFox browser, an error may be displayed and access is not permitted. The error message is

Secure Connection Failed

An error occurred during a connection to {PAM_SERVER_NAME}.
Unsupported elliptic curve. (Error code: sec_error_unsupported_elliptic_curve)

Solution:

It seems that there is an issue with FireFox that prevents SSL Servers that allow Dual_EC_DRBG to load. This is preventing the client from communicating with the server.

This is an issue with OpenSSL and TLS and not a CA Process Automation issue.

Do the following in FireFox

Open a new blank window and type about:config
search for and double click the values for

security.tls.version.min =
security.tls.version.max =

Set the values for these parameters as follows:

security.tls.version.min = 0
security.tls.version.max = 0

Once those are set, close the browser and try accessing PAM again.

This enables SSL3 and TLS1 for FireFox.
These are both enabled by default in Chrome.

Environment

Release: ITPASA99000-4.1-Process Automation-Add On License for-CA Server Automation
Component: