Reset Search
 

 

Article

KB29001 - Device certificates using ECC are not supported prior to 8.2R3

« Go Back

Information

 
Last Modified Date7/31/2016 5:40 PM
Synopsis
This article describes an issue with ECC device certificate support with Pulse Connect Secure (PCS) client software such as Windows Secure Application Manager, (WSAM), Windows Terminal Services (WTS), Virtual Desktop Infrastructure, (VDI), Network Connect (NC), and Pulse Collaboration clients.
Problem or Goal
Prior to 8.2R3, Network Connect (NC), Windows Secure Application Manager (WSAM), and Windows Terminal Services (WTS) fail to initiate an TLS handshake with the PCS device if the device certificate installed on the Pulse Connect Secure server uses the ECC algorithm with ECDSA and ECDH cryptographic cipher suites.  You may see the following error message with Windows Terminal Services (WTS):
 
Pulse Secure Terminal Services Client could not establish a 
connection to Secure Gateway. Click OK to exit and retry. If the 
problem persists, please contact your Administrator.
Cause
This issue occurs due to Network Connect, WSAM, and WTS do not support ECC algorithms such as ECDSA and ECDH cipher suites prior to 8.2R3.
Solution
The only client that supports ECC handshake prior to 8.2R2 is Pulse Secure Desktop Client 4.0R1 and up, because it supports connections using FIPS140-2 and Suite B cryptographic algorithms.

All Pulse Secure client (expect Pulse Secure Desktop client 4.0R1 and above), the server must be running 8.2R3 or higher in order to support TLS handshakes using ECC certificates.

You can download software and documentation from the Pulse Secure, LLC Support site https://www.pulsesecure.net/support/

Related Links
Attachment 1 
Created ByData Deployment

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255