Reset Search



KB29001 - Device certificates using ECC are not supported prior to 8.2R3

« Go Back


Last Modified Date7/31/2016 5:40 PM
This article describes an issue with ECC device certificate support with Pulse Connect Secure (PCS) client software such as Windows Secure Application Manager, (WSAM), Windows Terminal Services (WTS), Virtual Desktop Infrastructure, (VDI), Network Connect (NC), and Pulse Collaboration clients.
Problem or Goal
Prior to 8.2R3, Network Connect (NC), Windows Secure Application Manager (WSAM), and Windows Terminal Services (WTS) fail to initiate an TLS handshake with the PCS device if the device certificate installed on the Pulse Connect Secure server uses the ECC algorithm with ECDSA and ECDH cryptographic cipher suites.  You may see the following error message with Windows Terminal Services (WTS):
Pulse Secure Terminal Services Client could not establish a 
connection to Secure Gateway. Click OK to exit and retry. If the 
problem persists, please contact your Administrator.
This issue occurs due to Network Connect, WSAM, and WTS do not support ECC algorithms such as ECDSA and ECDH cipher suites prior to 8.2R3.
The only client that supports ECC handshake prior to 8.2R2 is Pulse Secure Desktop Client 4.0R1 and up, because it supports connections using FIPS140-2 and Suite B cryptographic algorithms.

All Pulse Secure client (expect Pulse Secure Desktop client 4.0R1 and above), the server must be running 8.2R3 or higher in order to support TLS handshakes using ECC certificates.

You can download software and documentation from the Pulse Secure, LLC Support site

Related Links
Attachment 1 
Created ByData Deployment



Was this article helpful?



Please tell us how we can make this article more useful.

Characters Remaining: 255