After upgrading CA PAM to version 4.2.0, 4.2.1, 4.2.2, 4.2.3 or 4.3.0, trying to connect to some Windows servers, the following error appears

RDP failed with SSL connection error internal_error(80)

When checking the CA PAM Client log after having set the Applet in debug in CA PAM, there is the following message

2025-09-03 12:46:57 INFO  - Caused by: java.lang.NullPointerException: Cannot invoke "org.bouncycastle.tls.TlsDHGroupVerifier.accept(org.bouncycastle.tls.crypto.DHGroup)" because "dhGroupVerifier" is null     syserr.write [PAM Access Agent-3]
2025-09-03 12:46:57 INFO  -      syserr.write [PAM Access Agent-3]
2025-09-03 12:46:57 INFO  -     at org.bouncycastle.tls.TlsDHUtils.receiveDHConfig(TlsDHUtils.java:137)     syserr.write [PAM Access Agent-3]
2025-09-03 12:46:57 INFO  -      syserr.write [PAM Access Agent-3]
2025-09-03 12:46:57 INFO  -     at org.bouncycastle.tls.TlsDHEKeyExchange.processServerKeyExchange(TlsDHEKeyExchange.java:95)     syserr.write [PAM Access Agent-3]

CA PAM 4.2.0-4.2.3, 4.3.0

The error is caused by servers configured with 1024 as the DH key length. Bouncy castle has been upgraded in the latest versions of PAM and it does not, by default, support 1024 bit DH key lengths.

As a result Bouncy Castle fails with a Null Pointer exception (as there is no DHGroupVerifier for 1024 bit key length), which in turn causes the SSL connection to fail with internal_error(80).

This problem is fixed for 4.3.0 in published hotfix 4.3.0.01, and will be fixed in 4.2.4+ and 4.3.1+. If you are on 4.2.3 or lower, affected by this problem and cannot upgrade yet to a release that includes the fix, open a case with PAM Support.

TLS error 80 is a generic error code for handshake-related problems when connecting to an RDP server, and may have other root causes. Please check  KB390687 for another problem leading to the same error code