TLSv1 connection fails after ONTAP upgrade
Applies to
ONTAP 9
Issue
- TLSv1 connection fails after ONTAP upgrades (9.5 → 9.11).
- Issued ONTAP system:
openssl s_client -connect <mgmt LIF IP>:443 -tls1
command on client fails:---------------------------
[root@localhost ~]# openssl s_client -connect 192.168.33.22:443 -tls1
CONNECTED(00000003)
140124771491111:error:1401111E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:s3_pkt.c:1487:SSL alert number 70
140124771491111:error:111110E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:
---
no peer certificate available
---
......
New, (NONE), Cipher is (NONE)
---------------------------
- Normal ONTAP system:
- Issued ONTAP system:
openssl s_client -connect <mgmt LIF IP>:443 -tls1
command on client succeeds:
---------------------------
[root@localhost ~]#openssl s_client -connect 192.168.44.55:443 -tls1
CONNECTED(00000003)
depth=0 CN = cluster1, C = US
verify error:num=18:self signed certificate
verify return:1
depth=0 CN = cluster1, C = US
......
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 1545 bytes and written 333 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
---------------------------
security congfig show
command output of the issued ONTAP is the same as normal ONTAP.