Not all combinations of server version and agent version are supported. This is because of an ectool/Perl API communication incompatibility as well as a Diffie-Hellman key size incompatibility.
To enable the CloudBees CD server versions 7.0 or newer to configure Diffie-Hellman cipher suites properly, CloudBees CD uses OpenSSL-1.0.1T or newer versions with SSLv2 enabled. Because of OpenSSL and JRE changes, the minimum Diffie-Hellman key size requirement is increased to 1024 bits (from 768 bits) as of version 7.0.
Server versions 7.0 or newer use Jetty (a Java HTTP server), which listens on the 8000 (unsecure) and 8443 (secure) ports. Server versions 7.0 or newer use Java 1.8.0_66, in which the ephemeral DH key size defaults to 1024 bits during SSL/TLS handshaking in the SunJSSE provider.
For details on the increase of the key size requirement as of Java 1.6-u101, see the Java release note at https://www.oracle.com/technetwork/java/javase/overview-156328.html#6u101-b31. For details as of Java 1.7-u85, see the Java release note at https://www.oracle.com/technetwork/java/javase/7u85-relnotes-2587591.html.
Because their minimum key size is 1024 bits, agent versions 7.0 or newer can connect only to:
Server versions 5.4, 6.0.1, or 6.5 or higher via ectool
External applications that require SSL with a minimum key size of 1024 bits
However, CloudBees CD Automation Platform agents of versions 5.0.6, 5.3, or 5.4 and CloudBees CD agent versions 6.0.1 or 6.5 or newer can connect to all CloudBees CD server versions (including 7.0 or newer) via ectool and ec-perl.
CloudBees CD Automation Platform server versions 5.0.6 or 5.3 or newer can run jobs using all agent versions (including 7.0 or newer). CloudBees CD server versions 7.0 or newer can run jobs using CloudBees CD Automation Platform agent versions 5.0.6 or 5.3 or newer.