Resolving a problem with SSL/TLS clients

Changing the security level of the system might cause the web interface, CIM clients, and other SSL/TLS clients to stop working. If any clients stop working, complete the following procedure.

Procedure

  1. Wait 5 minutes and try again. The clients might still need to wait for the services to restart.
  2. Confirm that the SSL/TLS implementation of the client (for example, the web browser or CIM management tool) is up to date and supports the level of security that is being enforced. If necessary, revert to a weaker SSL/TLS security level in the system and see whether this action resolves the issue.
  3. If the problem is a browser problem, check the exact error message that is reported by the browser.
    If the error message is cipher error, SSL error, TLS error, or handshake error, then the error implies that there is a problem with the secure connection. In this case, ensure that the following conditions are met:
    • The browser is up to date.
    • All of the supported browsers (Internet Explorer, Firefox, Firefox ESR, and Chrome) support the TLS version that you configured. To determine the TLS version that is configured, use the lssecurity command.
    • The services support the protocol versions and ciphers for the selected security level.

    If there is only a blank screen, it is likely that either the web service needs to restart, or there is a problem unrelated to the security level.