Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-40723

[NetApp RHEL 9.5 Bug]: NVMe/TCP TLS connection fails due to handshake failure

    • rhel-sst-security-crypto
    • ssg_security
    • 19
    • 28
    • 0.1
    • QE ack, Dev ack
    • False
    • Hide

      None

      Show
      None
    • No
    • Red Hat Enterprise Linux
    • Crypto24Q2, Crypto24Q3
    • Release Note Not Required
    • None

      Libnvme currently links to openssl and uses the openssl APIs for TLS PSK computation. We noticed NVMe/TCP TLS connection failures, which were later traced to TLS handshake failures from the logs.

      1. nvme connect -t tcp -w 10.231.152.100  -a 10.232.130.250 -n nqn.1992-08.com.netapp:sn.2af740e2b8fe11ee8b08d039ea3b292e:subsystem.ss2 --tls --tls_key=0x2bc2ae2e
        Failed to write to /dev/nvme-fabrics: Input/output error
        could not add new controller: failed to write to nvme-fabrics device

      And tailing the messages file revealed the TLS handshake error:

      1. tail -f /var/log/messages
        2024-06-04T12:36:48.503021-04:00 ste-san-02 tlshd[30037]: gnutls: A TLS fatal alert has been received. (-12)
        2024-06-04T12:36:48.503124-04:00 ste-san-02 tlshd[30037]: Handshake with 'ste-virt-a400-02-d1.gdl.englab.netapp.com' (10.232.130.250) failed
        ^C

              rh-ee-gpantela George Pantelakis
              marting_netapp Martin George
              NetApp Confidential Group
              Dmitry Belyavskiy Dmitry Belyavskiy
              George Pantelakis George Pantelakis
              Votes:
              0 Vote for this issue
              Watchers:
              13 Start watching this issue

                Created:
                Updated:
                Resolved: