Hi,
im running an oVirt 4.2.8 cluster with two nodes. A few days ago, my SSL certificates expired. After that, i changed all the certificates on the engine via "engine-upgrade" command and issued new vdsm client certificates. Then i copied the new certificates to my ovirt nodes and restarted vdsmd (systemctl restart vdsmd). Now i'm still not able to connect to my ovirt nodes. In the engine log i can see the following error: ### 2022-09-01 18:25:51,822+02 INFO [org.ovirt.vdsm.jsonrpc.client.reactors.ReactorClient] (SSL Stomp Reactor) [] Connecting to /192.168.xx.xx 2022-09-01 18:25:51,827+02 ERROR [org.ovirt.vdsm.jsonrpc.client.reactors.Reactor] (SSL Stomp Reactor) [] Unable to process messages The server selected protocol version TLS10 is not accepted by client preferences [TLS12] 2022-09-01 18:25:51,829+02 ERROR [org.ovirt.engine.core.vdsbroker.monitoring.HostMonitoring] (EE-ManagedThreadFactory-engineScheduled-Thread-88) [] Unable to RefreshCapabilities: VDSNetworkException: VDSGenericException: VDSNetworkException: The server selected protocol version TLS10 is not accepted by client preferences [TLS12] ### I searched my vdsm client config but i cannot see any specific TLS version set (every option with TLS is commented - seems to be the default): ### $grep -R -i TLS /etc/vdsm/ /etc/vdsm/vdsm.conf:# ssl_protocol = tlsv1 /etc/vdsm/vdsm.conf:# https://docs.python.org/2/library/ssl.html. e.g. OP_NO_TLSv1, /etc/vdsm/vdsm.conf:# OP_NO_TLSv1_1 By default tlv1, tlsv1.1 and tlsv1.2 are enabled. ### On the engine i didn't find any setting to set a specific TLS version - there seems to have been a setting (VdsmSSLProtocol) but that got deprecated years ago. Does anybody know why my engine is still not able to connect to the client vdsmd? I also tried to set "ssl_protocol = tlsv1" via vdsm.conf but that didn't work ... Thanks Regards, Kilian PS: Name : vdsm Architektur : x86_64 Version : 4.19.37 Ausgabe : 1.el7.centos Name : ovirt-engine Architektur : noarch Version : 4.2.8.2 Ausgabe : 1.el7
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/QCSD37GWDX5WX7K4AWM7EE3NVZBMJN5I/
