Subscribe
Accepted Solution

Unable to connect to Netapp Filer, it throws SSLHandshake Exception

Hi,

I am using ontapi version 1.1 to connect to a netapp Filer device(version 7.3.5.1) using SSLv3 and i am getting the below Exception. I am able to connect successfully if am using SSLv2 instead of SSLv3(i.e if i enable sslv2 option in netapp filer and disable sslv3 option)

Unexpected I/O exception occurred:

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)

          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)

          at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)

          at java.io.OutputStream.write(Unknown Source)

          at netapp.manage.http.HTTPMessage.write(HTTPMessage.java:327)

          at netapp.manage.http.HTTPClient.doRequest(HTTPClient.java:382)

          at netapp.manage.NaServer.invokeHTTP(NaServer.java:783)

          at netapp.manage.NaServer.invokeElem(NaServer.java:577)

Caused by: java.io.EOFException: SSL peer shut down incorrectly

          at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)

More Details:

We have a customer with the below settings in his netapp filer and we are getting the above Exception while connecting to him.

But, we are able to connect to the netapp filer device(in our lab) using SSLv3 with the same below configuration.

Any ideas what could be the reason for this behaviour ?

Netapp Filer Version: 7.3.5.1

Netapp options set for ssl enabling

mz-fil1a> options ssl

ssl.enable on

ssl.v2.enable off

ssl.v3.enable on

mz-fil1a> secureadmin status

ssh2 - active

ssh1 - inactive

ssl - active

Also, this are parameters we use to construct the NaServer object before connecting to the Netapp Filer

MajorVersion(Set as 1)

MinorVersion(Set as 0)

TransportType(Set as https)

Thanks,

Prithvi

Re: Unable to connect to Netapp Filer, it throws SSLHandshake Exception

Hi,

This is because of a bug in ONTAP 7.x versions.

As a workaround, just enable the TLS  in addition to SSLv3 (keeping SSLv2 disabled). i.e. have the following options:

myfiler> options ssl

ssl.enable                   on        

ssl.v2.enable                off       

ssl.v3.enable                on        

myfiler> options tls

tls.enable                   on        

myfiler>

Regards,

Sen.

Re: Unable to connect to Netapp Filer, it throws SSLHandshake Exception

Thanks Sen for the work around. I will try this and get back to you.

Re: Unable to connect to Netapp Filer, it throws SSLHandshake Exception

Thanks Sen, work around worked like charm