Software Development Kit (SDK) and API Discussions

Connection Failure for NETAPP 7-mode filers while using HTTPS Connection

Shivang
3,903 Views

I am trying to connect with Netapp 7-mode filer(ONTAP server) from my machine(Client) on https protocol and port 443 using HTTPSConnection module.

 

The client machine is using following packages for connection:

Python 2.7.13

OpenSSL 1.0.2k-fips  26 Jan 2017

 

I am getting error while connection:

"(<class 'ssl.SSLError'>, SSLError(1, u'[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:676)'), <traceback object at 0x7f29095a29e0>)"

 

I can connect with Cluster-mode filers successfully.

 

Here content is "<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE netapp SYSTEM 'file:/etc/netapp_filer.dtd'><netapp version="1.13" xmlns="http://www.netapp.com/filer/admin"><system-get-ontapi-version></system-get-ontapi-version></netapp>" : API call for getting ontapi version

 

 

try:
    connection = httplib.HTTPSConnection(server, port=443, timeout=300)
    connection.putrequest("POST", FILER_URL)
    connection.putheader("Content-type", "text/xml; charset=\"UTF-8\"")
    connection.putheader("Content-length", str(len(content)))
    base64string = base64.encodestring("%s:%s" %(user,password))[:-1]
    authheader = "Basic %s" %base64string
    connection.putheader("Authorization", authheader)
    connection.endheaders()
    connection.send(content)
except socket.error :
    message = sys.exc_info()
    print message
    exit(0)

 

 

I have already enabled tls on Server.

 

 

myfiler> options ssl
ssl.enable                 on        
ssl.v2.enable              off       
ssl.v3.enable              on        
myfiler> options tls
tls.enable                 on  

Can anyone help us to figure out the solution?

Does 7-mode Filer support to tls1.2? If not then how to make a connection using python 2.7.13 packages?

 

 

 

2 REPLIES 2

SeanHatfield
3,839 Views

 The next thing to check is the key length.  By default its only 512 bits.  You may need to re-run secureadmin setup and generate a new certificate:

secureadmin disable ssl
secureadmin setup -f ssl

Try it with a key length of at least 1024.

 

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

Niclas
3,713 Views

Nice, that worked for me

Public