On Tue, Jun 15, 2021, at 5:47 AM, Bret Wortman via FreeIPA-users wrote: > On Mon, Jun 14, 2021, at 3:47 PM, Rob Crittenden wrote: > > Bret Wortman via FreeIPA-users wrote: > > > This appears to be the error, or at least it's the only "fatal" I could > > > find in the stream and it's near enough to the end of traffic that it > > > seems likely. I'm no expert on Wireshark so I'm hoping someone is willing > > > to take a peek and let me know if there's something obvious here. > > > > > > https://gist.github.com/wortmanb/d3b1cb38e894d1fb0578ab05e459b178 > > > > > > > > > > Are you sure you aren't seeing a connect error on the F21 Apache server? > > This looks to me like an untrusted CA or something like it. > > Not that I'm aware of. We haven't touched those servers in ages (hence > the F21). Where would we be most likely to see the connect error on the > server? I may have missed a log file. Bingo!
192.168.2.215 - - [17/Jun/2021:07:11:28 -0400] "GET /ca/rest/securityDomain/domainInfo HTTP/1.1" 200 190 192.168.2.215 - - [17/Jun/2021:07:11:28 -0400] "GET /ca/rest/account/login HTTP/1.1" 200 188 192.168.2.215 - - [17/Jun/2021:07:11:30 -0400] "GET /ca/rest/account/logout HTTP/1.1" 204 - [Thu Jun 17 07:11:41.806659 2021] [:error] [pid 921] SSL Library Error: -12286 No common encryption algorithm(s) with client I don't think we adjusted the SSL configs on either end... > > Have you replaced any of your IPA certs on the F21 server? Signed the > > IPA CA with an external? > > I'll double-check today but not that I'm aware of. > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to > freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure > _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure