Hotfix 01 has been applied to CA PAM 3.3.1 or 3.3.2 (3.3.1.01 or 3.3.2.01 respectively) to manage old Cisco devices with no support for newer ciphers.
The instructions in the hotfix readme were followed:
- Clear the java caches (if connecting through the browser), or
- Restart the CA PAM Client and clear the client cache (if using this means to connect to CA PAM)
However, whenever trying to connect they the following error is still present Couldn't agree on kex algorithm (our: 'ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistpEven256,diffie-hellman-group-exchange-sha256', peer: 'diffie-hellman-group14-sha1')
It need not be exactly this one, but another implying there is still a mismatch in ciphers/kex algorithms supported by PAM and the remote device