Submit a ticketCall us

ebook60.pngHow to be a Cisco® ASA ace

Our eBook, Thou Shalt Not Pass…I Think?! can help you overcome the challenges of monitoring and managing Cisco ASA firewalls. This eBook is a great read if you’ve been frustrated with monitoring firewalls, managing ACL configs, and troubleshooting VPN connections.

Get your free eBook.

Home > Success Center > Storage Manager (STM) > STM - Knowledgebase Articles > Storage Manager is unable to connect to NetApp Filer when using SSL v3

Storage Manager is unable to connect to NetApp Filer when using SSL v3

Overview

When using ONTAP 7.x and SSL v3, connectivity issues may be encountered when Storage Manager tries to collect data from the NetApp filer. An error similar to the following may be generated:

Unexpected I/O exception occurred:

-----

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)

          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

          at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)

          at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)

          at java.io.OutputStream.write(Unknown Source)

          at netapp.manage.http.HTTPMessage.write(HTTPMessage.java:327)

          at netapp.manage.http.HTTPClient.doRequest(HTTPClient.java:382)

          at netapp.manage.NaServer.invokeHTTP(NaServer.java:783)

          at netapp.manage.NaServer.invokeElem(NaServer.java:577)

 

Caused by: java.io.EOFException: SSL peer shut down incorrectly

          at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)

-----

Storage Manager does not have any issues collecting when SSL v2 is used.

Environment

All STM versions

Resolution

NetApp has recognized this as a bug with ONTAP 7.x versions. The workaround is to enable the TLS in addition to SSL v3 (keeping SSL v2 disabled).

Example:

-----
myfiler> options ssl

 

ssl.enable                   on        

ssl.v2.enable                off       

ssl.v3.enable                on        

myfiler> options tls

tls.enable                   on        

myfiler>

-----

The expected result is that Storage Manager will be able to collect from the NetApp Filer while using SSL v3.

Last modified

Tags

Classifications

Public