Post removal of all TLS PSK cipher suites while FIPs is enabled, snapmirror fails

Last updated
Save as PDF
Share
1. Share
2. Tweet
3. Share

Views:: 397

Visibility:: Public

Votes:: 0

Category:: snapmirror

Specialty:: core

Last Updated:

Applies to

ONTAP
SnapMirror

Issue

- Removing all non-Diffe-Hellman (DHE) TLS PSK cipher suites while FIPs is enabled causes all snapmirror transfers to fail when encryption is enabled. The following errors can be seen in

MESSAGES.LOG

==============================================================================================

0000001f.000b6012 0a1a82d8 Thu Aug 24 2023 15:30:23 -04:00 [kern_ktlsd:info:2395] [Aug 24 15:30:23]: 0x808bf8500: 0: INFO: ktlsd: serviceNetworkBio:src/tables/net_ssl_handshake.cc:1999 Enter 0000001f.000b6040 0a1a82d8 Thu Aug 24 2023 15:30:23 -04:00 [kern_ktlsd:info:2395] [Aug 24 15:30:23]: 0x808bf8500: 0: DEBUG: ktlsd: serviceNetworkBio:src/tables/net_ssl_handshake.cc:2036 BIO_read, no data 0000001f.000b6041 0a1a82d8 Thu Aug 24 2023 15:30:23 -04:00 [kern_ktlsd:info:2395] [Aug 24 15:30:23]: 0x808bf8500: 0: DEBUG: ktlsd: serviceNetworkBio:src/tables/net_ssl_handshake.cc:2045 BIO_get_read_request: wanted=5 0000001f.000b6042 0a1a82d8 Thu Aug 24 2023 15:30:23 -04:00 [kern_ktlsd:info:2395] [Aug 24 15:30:23]: 0x808bf8500: 0: DEBUG: ktlsd: serviceNetworkBio:src/tables/net_ssl_handshake.cc:2086 wanted 5, _wantPending 0, delta 5 0000001f.000b6053 0a1a82d8 Thu Aug 24 2023 15:30:23 -04:00 [kern_ktlsd:info:2395] [Aug 24 15:30:23]: 0x808bf8500: 0: INFO: ktlsd: serviceNetworkBio:src/tables/net_ssl_handshake.cc:2138 Exit 0000001f.000b6054 0a1a82d8 Thu Aug 24 2023 15:30:23 -04:00 [kern_ktlsd:info:2395] [Aug 24 15:30:23]: 0x808bf8500: 0: INFO: ktlsd: _serviceThread:src/tables/net_ssl_handshake.cc:2642 SSL service thread: vserver 4294967295, handle 42949674910 0000001f.000b6055 0a1a82d8 Thu Aug 24 2023 15:30:23 -04:00 [kern_ktlsd:info:2395] [Aug 24 15:30:23]: 0x808bf8500: 0: INFO: ktlsd: serviceNetworkBio:src/tables/net_ssl_handshake.cc:1999 Enter 0000001f.000b6056 0a1a82d8 Thu Aug 24 2023 15:30:23 -04:00 [kern_ktlsd:info:2395] [Aug 24 15:30:23]: 0x808bf8500: 0: DEBUG: ktlsd: serviceNetworkBio:src/tables/net_ssl_handshake.cc:2036 BIO_read, no data 0000001f.000b6057 0a1a82d8 Thu Aug 24 2023 15:30:23 -04:00 [kern_ktlsd:info:2395] [Aug 24 15:30:23]: 0x808bf8500: 0: DEBUG: ktlsd: serviceNetworkBio:src/tables/net_ssl_handshake.cc:2045 BIO_get_read_request: wanted=5 0000001f.000b6058 0a1a82d8 Thu Aug 24 2023 15:30:23 -04:00 [kern_ktlsd:info:2395] [Aug 24 15:30:23]: 0x808bf8500: 0: INFO: ktlsd: serviceNetworkBio:src/tables/net_ssl_handshake.cc:2138 Exit

==============================================================================================