Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-40723

[NetApp RHEL 9.5 Bug]: NVMe/TCP TLS connection fails due to handshake failure

XMLWordPrintable

    • sst_security_crypto
    • ssg_security
    • 19
    • 28
    • 0.1
    • QE ack, Dev ack
    • False
    • Hide

      None

      Show
      None
    • No
    • Red Hat Enterprise Linux
    • Crypto24Q2, Crypto24Q3
    • Release Note Not Required
    • None

      Libnvme currently links to openssl and uses the openssl APIs for TLS PSK computation. We noticed NVMe/TCP TLS connection failures, which were later traced to TLS handshake failures from the logs.

      1. nvme connect -t tcp -w 10.231.152.100  -a 10.232.130.250 -n nqn.1992-08.com.netapp:sn.2af740e2b8fe11ee8b08d039ea3b292e:subsystem.ss2 --tls --tls_key=0x2bc2ae2e
        Failed to write to /dev/nvme-fabrics: Input/output error
        could not add new controller: failed to write to nvme-fabrics device

      And tailing the messages file revealed the TLS handshake error:

      1. tail -f /var/log/messages
        2024-06-04T12:36:48.503021-04:00 ste-san-02 tlshd[30037]: gnutls: A TLS fatal alert has been received. (-12)
        2024-06-04T12:36:48.503124-04:00 ste-san-02 tlshd[30037]: Handshake with 'ste-virt-a400-02-d1.gdl.englab.netapp.com' (10.232.130.250) failed
        ^C

            rh-ee-gpantela George Pantelakis
            marting_netapp Martin George
            NetApp Confidential Group
            Dmitry Belyavskiy Dmitry Belyavskiy
            George Pantelakis George Pantelakis
            Votes:
            0 Vote for this issue
            Watchers:
            13 Start watching this issue

              Created:
              Updated: