
WebSphere agent 21.4 unable to connect to cloud proxy due to cipher error - 21.6 works


Article ID: 223693




CA Application Performance Management (APM / Wily / Introscope), DX APM SaaS, CA Application Performance Management Agent (APM / Wily / Introscope), DX Application Performance Management


Using WAS 8.5.5 on IBM JVM 1.8_181 with the 21.4 Java agent.

The agent fails to connect to the Cloud Proxy (via the LBAS load balancer) because of a cipher issue:

9/09/21 05:16:28 AM BST [VERBOSE] [IntroscopeAgent.ConnectionThread] Attempting to connect to Introscope Enterprise Manager, (4).
9/09/21 05:16:28 AM BST [WARN] [IntroscopeAgent.CommonsHttpTunnelingClient] connectBinary failed to perform SSL handshake: Received fatal alert: handshake_failure


With a 21.6 agent the connection works. What is different about 21.6, and can the change be adapted for 21.4?






The 21.4 agent lists the supported ciphers and then sets:

9/09/21 05:15:57 AM BST [INFO] [IntroscopeAgent.Agent] Setting SSL socket ciphers to: [SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256]

However, this cipher is not supported by the intermediate load balancer.

The 21.6 agent instead sets:

9/10/21 01:24:21 PM BST [INFO] [IntroscopeAgent.Agent] Setting SSL socket ciphers to: []
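The mismatch described above can be confirmed from the agent log alone. The following is an added example, not part of the original article or the product: it parses the quoted log lines, maps IBM JSSE's SSL_ suite names to their TLS_ form, and checks the pinned list against what the load balancer accepts. The `LB_ACCEPTED` set is a constructed assumption; take the real list from the load balancer's TLS configuration.

```python
import re

# Agent log lines quoted in the article (21.4 agent, then 21.6 agent).
LOG_21_4 = """\
9/09/21 05:15:57 AM BST [INFO] [IntroscopeAgent.Agent] Setting SSL socket ciphers to: [SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
9/09/21 05:16:28 AM BST [VERBOSE] [IntroscopeAgent.ConnectionThread] Attempting to connect to Introscope Enterprise Manager, (4).
9/09/21 05:16:28 AM BST [WARN] [IntroscopeAgent.CommonsHttpTunnelingClient] connectBinary failed to perform SSL handshake: Received fatal alert: handshake_failure
"""
LOG_21_6 = "9/10/21 01:24:21 PM BST [INFO] [IntroscopeAgent.Agent] Setting SSL socket ciphers to: []\n"

# ASSUMPTION: constructed sample of suites the load balancer accepts.
# The article does not list them; read them from the LB's TLS policy.
LB_ACCEPTED = {"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}

CIPHER_RE = re.compile(r"Setting SSL socket ciphers to: \[(.*?)\]")
ALERT_RE = re.compile(r"failed to perform SSL handshake: Received fatal alert: (\w+)")

def canonical(suite):
    """IBM JSSE prints suites with an SSL_ prefix; map them to the TLS_ name."""
    return "TLS_" + suite[4:] if suite.startswith("SSL_") else suite

def diagnose(log_text, endpoint_suites):
    """Return the pinned suites, their overlap with the endpoint, and any TLS alerts."""
    pinned, alerts = None, []
    for line in log_text.splitlines():
        m = CIPHER_RE.search(line)
        if m:  # last setting wins; "[]" yields an empty list
            pinned = [canonical(s.strip()) for s in m.group(1).split(",") if s.strip()]
        m = ALERT_RE.search(line)
        if m:
            alerts.append(m.group(1))
    common = [s for s in (pinned or []) if s in endpoint_suites]
    if pinned is None:
        verdict = "no cipher setting logged"
    elif not pinned:
        verdict = "empty list: no suite pinned by the agent"
    elif common:
        verdict = "pinned list overlaps endpoint"
    else:
        verdict = "pinned list has no suite the endpoint accepts"
    return {"pinned": pinned, "common": common, "alerts": alerts, "verdict": verdict}

if __name__ == "__main__":
    print(diagnose(LOG_21_4, LB_ACCEPTED))
```

A pinned list with no overlap, followed by `handshake_failure`, matches the 21.4 behaviour reported here.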


Release : 21.4

Component : Agent


Forcing the agent, via an agent property, to use a specific cipher supported by both the agent JVM and the remote endpoint addressed the problem.


On 4th December 2021, this workaround was rolled out to SaaS as a permanent fix.

Additional Information

Setting agentManager.cipherSuites.1= did not help with the 21.4 agent, even though 21.6 was effectively doing this.