mbertolina opened a new issue, #12784:
URL: https://github.com/apache/cloudstack/issues/12784
### The required feature described as a wish
Is there a plan to support TLSv1.3 in the CloudStack environment (Management
server, agent, SystemVM templates)?
When forcing the Java runtime environment to use TLSv1.3 only on both the management
server and host side using update-crypto-policies on RHEL9, the CloudStack agent
sends TLSv1.2 in the TLS hello message, making a TLS session impossible and
reporting the following error messages:
```
# java -XshowSettings:security:all -version
:
Security TLS configuration (SunJSSE provider):
Enabled Protocols:
TLSv1.3
Enabled Cipher Suites:
TLS_AES_256_GCM_SHA384
TLS_AES_128_GCM_SHA256
TLS_CHACHA20_POLY1305_SHA256
openjdk version "21.0.10" 2026-01-20 LTS
OpenJDK Runtime Environment (Red_Hat-21.0.10.0.7-1) (build 21.0.10+7-LTS)
OpenJDK 64-Bit Server VM (Red_Hat-21.0.10.0.7-1) (build 21.0.10+7-LTS, mixed mode, sharing)
#
# tail -f /var/log/cloudstack/agent/agent.log
:
2026-03-06 13:59:04,994 INFO [utils.nio.Link] (main:[]) (logid:) Conf file found: /etc/cloudstack/agent/agent.properties
2026-03-06 13:59:05,020 ERROR [utils.nio.NioClient] (main:[]) (logid:) IOException while connecting to 108.145.116.84:8250
javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
    at java.base/sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:163)
    at java.base/sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:103)
    at java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:252)
    at java.base/sun.security.ssl.SSLEngineImpl.beginHandshake(SSLEngineImpl.java:107)
    at com.cloud.utils.nio.NioClient.init(NioClient.java:73)
    at com.cloud.utils.nio.NioConnection.start(NioConnection.java:109)
    at com.cloud.agent.Agent.start(Agent.java:338)
    at com.cloud.agent.AgentShell.launchNewAgent(AgentShell.java:477)
    at com.cloud.agent.AgentShell.launchAgentFromClassInfo(AgentShell.java:454)
    at com.cloud.agent.AgentShell.launchAgent(AgentShell.java:438)
    at com.cloud.agent.AgentShell.start(AgentShell.java:539)
    at com.cloud.agent.AgentShell.main(AgentShell.java:569)
2026-03-06 13:59:05,020 ERROR [utils.nio.NioClient] (main:[]) (logid:) Unable to initialize the threads. javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
    at java.base/sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:163)
    at java.base/sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:103)
    at java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:252)
    at java.base/sun.security.ssl.SSLEngineImpl.beginHandshake(SSLEngineImpl.java:107)
    at com.cloud.utils.nio.NioClient.init(NioClient.java:73)
    at com.cloud.utils.nio.NioConnection.start(NioConnection.java:109)
    at com.cloud.agent.Agent.start(Agent.java:338)
    at com.cloud.agent.AgentShell.launchNewAgent(AgentShell.java:477)
    at com.cloud.agent.AgentShell.launchAgentFromClassInfo(AgentShell.java:454)
    at com.cloud.agent.AgentShell.launchAgent(AgentShell.java:438)
    at com.cloud.agent.AgentShell.start(AgentShell.java:539)
    at com.cloud.agent.AgentShell.main(AgentShell.java:569)
2026-03-06 13:59:05,020 INFO [utils.nio.NioClient] (main:[]) (logid:) NioClient connection closed
2026-03-06 13:59:05,020 INFO [cloud.agent.Agent] (main:[]) (logid:) Attempted to connect to the server, but received an unexpected exception, trying again... com.cloud.utils.exception.NioConnectionException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
    at com.cloud.utils.nio.NioConnection.start(NioConnection.java:115)
    at com.cloud.agent.Agent.start(Agent.java:338)
    at com.cloud.agent.AgentShell.launchNewAgent(AgentShell.java:477)
    at com.cloud.agent.AgentShell.launchAgentFromClassInfo(AgentShell.java:454)
    at com.cloud.agent.AgentShell.launchAgent(AgentShell.java:438)
    at com.cloud.agent.AgentShell.start(AgentShell.java:539)
    at com.cloud.agent.AgentShell.main(AgentShell.java:569)
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
    at java.base/sun.security.ssl.HandshakeContext.<init>(HandshakeContext.java:163)
    at java.base/sun.security.ssl.ClientHandshakeContext.<init>(ClientHandshakeContext.java:103)
    at java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:252)
    at java.base/sun.security.ssl.SSLEngineImpl.beginHandshake(SSLEngineImpl.java:107)
    at com.cloud.utils.nio.NioClient.init(NioClient.java:73)
    at com.cloud.utils.nio.NioConnection.start(NioConnection.java:109)
    ... 6 more
#
```
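The `SSLHandshakeException` in the log above can be reproduced outside CloudStack. The following is an added example, not part of the original issue and not CloudStack code: it applies a constructed TLSv1.3-only policy through `jdk.tls.disabledAlgorithms`, then starts one client handshake pinned to TLSv1.2 (assumed from the report's description of the agent) and one pinned to TLSv1.3. The class name `TlsPolicyProbe` and the host `mgmt.example.invalid` are placeholders.

```java
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLHandshakeException;

public class TlsPolicyProbe {

    // Build a client SSLEngine pinned to a single protocol and start its handshake.
    // beginHandshake() only prepares the ClientHello in memory; nothing is sent.
    static String probe(String protocol) throws Exception {
        SSLContext ctx = SSLContext.getInstance(protocol);
        ctx.init(null, null, null); // JVM default key and trust material
        // Placeholder peer (assumption); port 8250 is the one in the agent log.
        SSLEngine engine = ctx.createSSLEngine("mgmt.example.invalid", 8250);
        engine.setUseClientMode(true);
        // Accepted even when the policy disables the protocol; the conflict only
        // surfaces when the handshake context is created.
        engine.setEnabledProtocols(new String[] {protocol});
        try {
            engine.beginHandshake();
            return protocol + ": handshake started";
        } catch (SSLHandshakeException e) {
            return protocol + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed policy standing in for a TLSv1.3-only crypto policy.
        // Must be set before any JSSE class is initialised.
        Security.setProperty("jdk.tls.disabledAlgorithms",
                "SSLv3, TLSv1, TLSv1.1, TLSv1.2");

        String[] enabled = SSLContext.getDefault().getDefaultSSLParameters().getProtocols();
        System.out.println("Enabled by policy: " + Arrays.toString(enabled));

        // Assumption: a client that requests TLSv1.2 explicitly, as the report describes.
        System.out.println(probe("TLSv1.2"));
        // The same client code asking for the protocol the policy allows.
        System.out.println(probe("TLSv1.3"));
    }
}
```

Run it with `java TlsPolicyProbe.java` on JDK 11 or later. The TLSv1.2 probe fails inside `beginHandshake()`, the same frame as in the agent stack trace, before any packet leaves the host.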