Software Development Kit (SDK) and API Discussions

Connection Failure for NETAPP 7-mode filers while using HTTPS Connection

Shivang

I am trying to connect with Netapp 7-mode filer(ONTAP server) from my machine(Client) on https protocol and port 443 using HTTPSConnection module.

 

The client machine is using following packages for connection:

Python 2.7.13

OpenSSL 1.0.2k-fips  26 Jan 2017

 

I am getting error while connection:

"(<class 'ssl.SSLError'>, SSLError(1, u'[SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:676)'), <traceback object at 0x7f29095a29e0>)"

 

I can connect with Cluster-mode filers successfully.

 

Here content is "<?xml version='1.0' encoding='utf-8'?>
<!DOCTYPE netapp SYSTEM 'file:/etc/netapp_filer.dtd'><netapp version="1.13" xmlns="http://www.netapp.com/filer/admin"><system-get-ontapi-version></system-get-ontapi-version></netapp>" : API call for getting ontapi version

 

 

try:
    connection = httplib.HTTPSConnection(server, port=443, timeout=300)
    connection.putrequest("POST", FILER_URL)
    connection.putheader("Content-type", "text/xml; charset=\"UTF-8\"")
    connection.putheader("Content-length", str(len(content)))
    base64string = base64.encodestring("%s:%s" %(user,password))[:-1]
    authheader = "Basic %s" %base64string
    connection.putheader("Authorization", authheader)
    connection.endheaders()
    connection.send(content)
except socket.error :
    message = sys.exc_info()
    print message
    exit(0)

 

 

I have already enabled tls on Server.

 

 

myfiler> options ssl
ssl.enable                 on        
ssl.v2.enable              off       
ssl.v3.enable              on        
myfiler> options tls
tls.enable                 on  

Can anyone help us to figure out the solution?

Does 7-mode Filer support to tls1.2? If not then how to make a connection using python 2.7.13 packages?

 

 

 

2 REPLIES 2

SeanHatfield

 The next thing to check is the key length.  By default its only 512 bits.  You may need to re-run secureadmin setup and generate a new certificate:

secureadmin disable ssl
secureadmin setup -f ssl

Try it with a key length of at least 1024.

 

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

Niclas

Nice, that worked for me

Announcements
NetApp on Discord Image

We're on Discord, are you?

Live Chat, Watch Parties, and More!

Explore Banner

Meet Explore, NetApp’s digital sales platform

Engage digitally throughout the sales process, from product discovery to configuration, and handle all your post-purchase needs.

Public