Connectivity issue with Ontap 8.1 RC1 with TLS mode

teksreenath · ‎2015-07-03

I have disabled ssl and configured TLS on Ontap 8.1 RC1. Now I am not able to connect through Ontap 1.1 API.

bas-netappv81> options ssl
ssl.enable on
ssl.v2.enable off
ssl.v3.enable off

bas-netappv81> options tls
tls.enable on

I got the below exception:

javax.net.ssl.SSLHandshakeException: Server chose TLSv1, but that protocol version is not enabled or not supported by the client.
at sun.security.ssl.ClientHandshaker.serverHello(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at sun.security.ssl.AppOutputStream.write(Unknown Source)
at java.io.OutputStream.write(Unknown Source)
at netapp.manage.http.HTTPMessage.write(HTTPMessage.java:327)
at netapp.manage.http.HTTPClient.doRequest(HTTPClient.java:382)
at netapp.manage.NaServer.invokeHTTP(NaServer.java:783)
at netapp.manage.NaServer.invokeElem(NaServer.java:577)

Since the JRE 1.8 supports TLS by default, I have used the same JRE 1.8. Could anyone please point out whether I need to set any property in client side to enable TLS protocol?

teksreenath · ‎2015-07-08

Team,

I have gone through the various release documents. Looks like NetApp has provided TLS support in 5.0. So I have used manageontap-5.2.2.jar from SDK 5.2.2. Now I am able to connect NetApp Ontap 8.1 with TLS enabled.

Thanks.

Racoon · ‎2015-07-08

There was a bug in Ontap 7 and a workaround: Enable SSLv3 and keep SSLv2 disabled

ssl.enable on

ssl.v2.enable off

ssl.v3.enable on

myfiler> options tls

tls.enable on