Skip to main content
NetApp Knowledge Base

Server chose an unconfigured cipher suite error in Portworx using ONTAP S3

Views:
157
Visibility:
Public
Votes:
0
Category:
ontap-9
Specialty:
core
Last Updated:

Applies to

  • ONTAP 9.8+
  • ONTAP S3
  • Portworx

Issue

  • The following error is observed when configuring Portworx with ONTAP S3:
tls: server chose an unconfigured cipher suite
  • The cipher being used is ECDHE-RSA-AES256-GCM-SHA384.
  • ECDHE-RSA-AES256-GCM-SHA384, which corresponds to the OpenSSL cipher name ECDHE-RSA-AES256-GCM-SHA384, is allowed in ONTAP:
cluster1::> set advanced
cluster1::*> security config show -interface SSL
 
            (DEPRECATED)-FIPS-Compliant Interface: SSL
                                        FIPS Mode: true
                              Supported Protocols: TLSv1.3, TLSv1.2
                   (DEPRECATED)-Supported Ciphers: ALL:!LOW:!aNULL:!EXP:!eNULL:!3DES:!kDH:!kECDH
                          Supported Cipher Suites: TLS_RSA_WITH_AES_128_CCM,
                                                   TLS_ECDHE_RSA_WITH_AES_256_
                                                   GCM_SHA384,

Sign in to view the entire content of this KB article.

New to NetApp?

Learn more about our award-winning Support

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.