TLSv1 connection fails after ONTAP upgrade
Applies to
ONTAP 9
Issue
- TLSv1 connection fails after ONTAP upgrades (9.5 → 9.11).
- Affected ONTAP system:
openssl s_client -connect <mgmt LIF IP>:443 -tls1 command on client fails:
---------------------------
[root@localhost ~]# openssl s_client -connect 192.168.33.22:443 -tls1
CONNECTED(00000003)
140124771491111:error:1401111E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:s3_pkt.c:1487:SSL alert number 70
140124771491111:error:111110E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:
---
no peer certificate available
---
......
New, (NONE), Cipher is (NONE)
---------------------------
- Normal ONTAP system:
openssl s_client -connect <mgmt LIF IP>:443 -tls1 command on client succeeds:
---------------------------
[root@localhost ~]# openssl s_client -connect 192.168.44.55:443 -tls1
CONNECTED(00000003)
depth=0 CN = cluster1, C = US
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = cluster1, C = US
......
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1545 bytes and written 333 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
---------------------------
- security config show command output of the affected ONTAP system is the same as that of the normal ONTAP system.
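
To tell the two outcomes above apart when checking several management LIFs, the s_client output can be classified by its alert and summary lines. This is an added example, not part of the original article or a NetApp tool; the function name classify_s_client and the two sample functions are hypothetical, and the sample transcripts are abridged from the output shown above.

```bash
#!/usr/bin/env bash
# Added example: classify saved `openssl s_client` output read from stdin.
# Prints: negotiated:<protocol>:<cipher> | rejected:protocol_version | failed:other
classify_s_client() {
    local out summary proto cipher
    out=$(cat)
    # Summary line looks like "New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA".
    summary=$(printf '%s\n' "$out" \
        | sed -n 's/^New, \([^,]*\), Cipher is \(.*\)$/\1|\2/p' | head -n 1)
    proto=${summary%%|*}
    cipher=${summary#*|}
    if [ -n "$summary" ] && [ "$cipher" != "(NONE)" ]; then
        printf 'negotiated:%s:%s\n' "$proto" "$cipher"
    elif printf '%s\n' "$out" \
        | grep -Eq 'alert protocol version|SSL alert number 70([^0-9]|$)'; then
        # TLS alert 70 is protocol_version: the server refused the offered version.
        printf 'rejected:protocol_version\n'
    else
        printf 'failed:other\n'
    fi
}

# Sample transcripts (abridged from the output on this page).
sample_affected() {
    cat <<'EOF'
CONNECTED(00000003)
140124771491111:error:1401111E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:s3_pkt.c:1487:SSL alert number 70
---
no peer certificate available
---
New, (NONE), Cipher is (NONE)
EOF
}

sample_normal() {
    cat <<'EOF'
CONNECTED(00000003)
Server Temp Key: ECDH, P-256, 256 bits
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
EOF
}
```

For a live check, pipe the command from this article into the function with stderr included: openssl s_client -connect <mgmt LIF IP>:443 -tls1 </dev/null 2>&1 | classify_s_client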
