If you specify any ciphers on the Administration Connector, tools such as the dsreplication and status fail to connect and can throw communication exceptions.
- Set a cipher such as TLS_RSA_WITH_AES_128_CBC_SHA256 on the Administration Connector.
- Execute "dsreplication status" or "status"
- DJ 3.5.x fails.
- DS 5.0 succeeds.
In both of the above cases, SSL debug shows the cipher suites as unsupported, when in fact this works in DJ4.0/DS5.0.
In 3.5.x the final "Cipher Suites" list does not contain the above cipher, while in the working case, (4.0.0) the cipher suite is shown.
Note: the last cipher in the paste below is the configured cipher
- The initial ssl debug shows 28 messages for "Ignoring unsupported cipher suite"
- The final "Cipher Suites" list shows 22 ciphers in 3.5.x while 4.0.0 has 50.
The only workaround is to unset the ciphers which allows all available ciphers to be evaluated.