Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1408
Views
3
Helpful
8
Replies

"Application Server" service craches when enable "Allow SHA1 Chiper"

Go to solution
rezaalikhani
VIP
VIP

‎05-03-2023 02:07 AM - edited ‎05-03-2023 03:02 AM

Hi all;

I am using ISE 3.1 Patch 5 in my production environment. For some reasons I want to enable "Allow SHA1 Ciphers" option. When I do that, the "Application Server" services caches and then restart automatically. I have seen this behavior in every ISE 3.1 installation...

Any ideas?

Thanks

0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Mark Elsen
Hall of Fame
Hall of Fame

‎05-03-2023 03:09 AM

 

  - This could be considered normal behavior because the application services need to adjust according to the new setting(s) , meaning it should then be a one time event only related to changing the allowed ciphers (?)

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)

View solution in original post

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎05-03-2023 03:44 PM - edited ‎05-03-2023 03:45 PM

I have not seen this issue and I've enabled the 'Allow SHA1 ciphers' option on both my lab and a customer ISE 3.1 deployment. The app server restarted fine on both.

When I change the setting, the GUI prompts with the following message so I'm not sure why didn't get any warning.

If you continue to see this issue and can replicate it easily, I would suggest opening a TAC case to investigate.
"Changing SHA1 cipher settings will cause the ISE application server to restart on all deployment ISE machines, are you sure you want to proceed?"

View solution in original post

8 Replies 8

Go to solution
Mark Elsen
Hall of Fame
Hall of Fame

‎05-03-2023 03:09 AM

 

  - This could be considered normal behavior because the application services need to adjust according to the new setting(s) , meaning it should then be a one time event only related to changing the allowed ciphers (?)

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)

Go to solution
rezaalikhani
VIP
VIP
In response to Mark Elsen

‎05-03-2023 03:32 AM - edited ‎05-03-2023 03:33 AM

Thanks for your reply...

After I enable the "Allow SHA1 Ciphers" option and then save the configuration, the "Application Server" service goes down without any message to warn me. After some time that the service goes up, we can confirm that the configuration changes has not applied. Now, make the change again, the "Application Server" service goes down for the second time, but this time the changes applies successfully!

 

0 Helpful

Go to solution
Mark Elsen
Hall of Fame
Hall of Fame
In response to rezaalikhani

‎05-03-2023 03:38 AM

 

            - How do you assert  that it does not work on first attempt ?

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
0 Helpful

Go to solution
rezaalikhani
VIP
VIP
In response to Mark Elsen

‎05-03-2023 03:57 AM

Because the check box beside the "Allow SHA1 Ciphers" option not selected, although I selected it on the first place.

0 Helpful

Go to solution
Mark Elsen
Hall of Fame
Hall of Fame
In response to rezaalikhani

‎05-03-2023 05:01 AM

 

  - Make sure you are not suffering from browser caching effects and or verify initial attempt (setting) with another browser , for instance, 

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
0 Helpful

Go to solution
rezaalikhani
VIP
VIP
In response to Mark Elsen

‎05-03-2023 05:13 AM

Thanks for your reply...

I have checked this situation from 4 ISE deployments with various browsers, with exactly same result.

0 Helpful

Go to solution
Mark Elsen
Hall of Fame
Hall of Fame
In response to rezaalikhani

‎05-03-2023 10:03 AM

 

          - Possibly a bug , upgrade to latest available patch release for ISE 3.1 , if it does not help raise a TAC case , 

 M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)

Go to solution
Greg Gibbs
Cisco Employee
Cisco Employee

‎05-03-2023 03:44 PM - edited ‎05-03-2023 03:45 PM

I have not seen this issue and I've enabled the 'Allow SHA1 ciphers' option on both my lab and a customer ISE 3.1 deployment. The app server restarted fine on both.

When I change the setting, the GUI prompts with the following message so I'm not sure why didn't get any warning.

If you continue to see this issue and can replicate it easily, I would suggest opening a TAC case to investigate.
"Changing SHA1 cipher settings will cause the ISE application server to restart on all deployment ISE machines, are you sure you want to proceed?"

Customers Also Viewed These Support Documents