2015-06-02 11:33 AM
Today I went to create a new SnapMirror relationship on an existing LUN but was greeted with a warning that asked me if I wanted to setup a secure connection or continue without secure. Obviously I chose the secure connection route but it kept asking until I finally caved in and said continue without secure. Thinking I can just proceed with my task at hand I went to create the SnapMirror relationship but was presented with more SSL troubles.
During the SnapMirror wizard it reproted the following:
500 Connection has been shutdown: javax.net.ssl.SSLHandsakeException: Server chose SSLv3, but that protocol version is not enabled or not supported by the client.
I've read a few articles that suggested turning SSL.v2 off and turning on TLS. I even Disabled SSL from the OnCommand System Manager and renabled it, generating a new SSL Cert but nothing seems to work. Below
filer_A> options httpd httpd.access legacy httpd.admin.access legacy httpd.admin.enable on httpd.admin.hostsequiv.enable off httpd.admin.max_connections 512 httpd.admin.ssl.enable on httpd.admin.top-page.authentication on httpd.autoindex.enable off httpd.bypass_traverse_checking off httpd.enable off httpd.ipv6.enable off httpd.log.format common httpd.method.trace.enable off httpd.rootdir /vol/vol0/home/http httpd.timeout 300 httpd.timewait.enable off filer_A> options ssl ssl.enable on ssl.v2.enable off ssl.v3.enable on filer_A> options tls
tls.enable on filer_A> secureadmin status
ssh2 - active
ssh1 - inactive
ssl - active
Thank you in advance.
Solved! See The Solution
2015-06-03 04:10 AM
I discovered my issue, should anyone else come across this issue. I'm running Windows 7 64-bit with IE 10 and Java 8u45. I think the kicker is Java 8. Here is what I did to correct the issue:
Installed the latest version of OnCommand, which at this time is 3.1.2 RC2. On all of my filers I had to enable TLS, and to error on the side of caution I disabled SSLv2.
For those like me with little experience with NetApp, the command was "options tls.enable on" and "options ssl.v2.enable off"
filer_A> options ssl ssl.enable on ssl.v2.enable off ssl.v3.enable on filer_A> options tls