Server chose an unconfigured cipher suite error in Portworx using ONTAP S3
Applies to
- ONTAP 9.8+
- ONTAP S3
- Portworx
Issue
- The following error is observed when configuring Portworx with ONTAP S3:
tls: server chose an unconfigured cipher suite
- The cipher being used is
ECDHE-RSA-AES256-GCM-SHA384
.
ECDHE-RSA-AES256-GCM-SHA384
, which corresponds to the OpenSSL cipher nameECDHE-RSA-AES256-GCM-SHA384,
is allowed in ONTAP:
cluster1::> set advanced
cluster1::*> security config show -interface SSL
(DEPRECATED)-FIPS-Compliant Interface: SSL
FIPS Mode: true
Supported Protocols: TLSv1.3, TLSv1.2
(DEPRECATED)-Supported Ciphers: ALL:!LOW:!aNULL:!EXP:!eNULL:!3DES:!kDH:!kECDH
Supported Cipher Suites: TLS_RSA_WITH_AES_128_CCM,
…
TLS_ECDHE_RSA_WITH_AES_256_
GCM_SHA384,