升级ONTAP后TLSv1连接失败
适用场景
ONTAP 9
问题描述
- 升级ONTAP后TLSv1连接失败(9.5 → 9.11)。
- 已发布ONTAP系统:
openssl s_client -connect <mgmt LIF IP>:443 -tls1客户端上的命令失败:---------------------------[root@localhost ~]# openssl s_client -connect 192.168.33.22:443 -tls1CONNECTED(00000003)140124771491111:error:1401111E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version:s3_pkt.c:1487:SSL alert number 70140124771491111:error:111110E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:656:---no peer certificate available---......New, (NONE), Cipher is (NONE)--------------------------- - 正常ONTAP系统:
- 已发布ONTAP系统:
openssl s_client -connect <mgmt LIF IP>:443 -tls1 客户端上的命令成功:
--------------------------- [root@localhost ~]#openssl s_client -connect 192.168.44.55:443 -tls1 CONNECTED(00000003) depth=0 CN = cluster1, C = US verify error:num=18:self signed certificate verify return:1 depth=0 CN = cluster1, C = US ...... Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 1545 bytes and written 333 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA Server public key is 2048 bit Secure Renegotiation IS supported ---------------------------security congfig show发出的ONTAP的命令输出与普通ONTAP相同。