Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-53044

Unable to make TLS v1.1 connections to ingress despite it being enabled

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not a Bug
    • Icon: Minor Minor
    • None
    • 4.16.0
    • Networking / router
    • Quality / Stability / Reliability
    • False
    • Hide

      None

      Show
      None
    • 1
    • Important
    • Yes
    • None
    • None
    • Rejected
    • NI&D Sprint 268
    • 1
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Description of problem:

      Unable to communicate with ingress using TLS v1.1, despite TLS v1.1 being enabled in the ingress-controller. Official documentation states that v1.1 is a supported version ('old' TLS profile) foir backwards compatibility.  

      Version-Release number of selected component (if applicable):

      4.16.x

      How reproducible:

      $ curl -kv --tlsv1.1 --tls-max 1.1 --resolve console-openshift-console.apps.poc.openshift.local:443:10.1.10.86 $CONSOLE    

      Steps to Reproduce:

      1. Enable tlsv1.1



 $ curl -kv --tlsv1.1 --tls-max 1.1 --resolve console-openshift-console.apps.poc.openshift.local:443:10.1.10.86    
     $CONSOLE

      Actual results:

      Curl commands fails

....
 * TLSv1.3 (OUT), TLS alert, internal error (592): 
* error:141E70BF:SSL routines:tls_construct_client_hello:no protocols available
curl: (35) error:141E70BF:SSL routines:tls_construct_client_hello:no protocols available
....  

      Expected results:

      Curl command completes successfully

      Additional info:

              nid-team-bot NID Team Bot
              rhn-support-mirollin Mitchell Rollinson (Inactive)
              None
              None
              Hongan Li Hongan Li
              None
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

                Created:
                Updated:
                Resolved: