When using the TCP/IP Secure communication method between two MassTransit entities, the following error message may result, following a failed connection attempt: TCP/IP Secure reports: error: 1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher
This connection error is usually the result of a failure to agree upon a minimum TCP/IP Secure encryption level among the two MassTransit entities. In other words, one side of the connection is expecting a stronger encryption strength than the other side is providing. The MassTransit entity receiving the call can check minimum encryption level using the following process:
- In the MassTransit Administrator go to Setup > Incoming Calls > TCP/IP Secure.
- Locate the field titled "Select the minimum level of encryption for incoming calls."
- Take note of the setting in the corresponding pulldown box. NOTE: The encryption levels are listed in order of strength, from weakest to strongest. The MassTransit entity placing the call can also check their minimum encryption level using the following process:
- Click Contacts from the Navigation Bar.
- Select the appropriate contact and click Edit.
- Click on the Outgoing Calls tab.
- Locate the field "Select the minimum level of encryption to use."
- Take note of the setting in the corresponding pulldown box. NOTE: The encryption levels here are also listed in order of strength, from weakest to strongest. The expected minimum encryption level of the MassTransit entity PLACING the call must meet or exceed the expected minimum encryption level of the MassTransit entity RECEIVING the call. In the event that the "no shared cipher" message is received, an agreement on encryption levels was not established. As a result, an adjustment may need to be made to receiving entity's minimum encryption level. QUICK TIP: If you continue to encounter shared cipher errors after making the mentioned adjustments, consider setting the minimum encryption levels on the sending and receiving sides to the same setting.