Init websocket connection failed remote error: tls: handshake failure #1699
Comments
I have inspected the CA, and the certificates are correctly fetched by edgecore.
More digging:

```go
import (
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

func createTLSConfig(ca, cert, key []byte) tls.Config {
	// init certificate: the CA arrives as DER bytes and is re-encoded to PEM for the pool
	pool := x509.NewCertPool()
	ok := pool.AppendCertsFromPEM(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: ca}))
	if !ok {
		panic(fmt.Errorf("fail to load ca content"))
	}
	// server certificate and private key, also re-encoded from DER to PEM
	certificate, err := tls.X509KeyPair(pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: cert}), pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: key}))
	if err != nil {
		panic(err)
	}
	return tls.Config{
		ClientCAs:    pool,
		ClientAuth:   tls.RequireAndVerifyClientCert,
		Certificates: []tls.Certificate{certificate},
		MinVersion:   tls.VersionTLS12,
		// the only suite offered is an ECDHE_RSA one
		CipherSuites: []uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256},
	}
}
```

However, ECDSA is used to generate the key, see below.
The ECDSA key (and certificates) does not match the RSA cipher, see the openssl notes.
So, I believe the mismatch of cipher and certificates caused the TLS handshake failure.
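The mismatch described in the comment above can be reproduced in isolation. The following is an added example, not code from KubeEdge or from the commenter; the helper names `ecdsaCert` and `clientHandshake` and the throwaway self-signed certificate are assumptions made for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

var rsaOnly = []uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256} // suite list from the config quoted above
var rsaAndECDSA = []uint16{tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}

// ecdsaCert builds a throwaway self-signed P-256 certificate (constructed sample, not KubeEdge's CA flow).
func ecdsaCert() tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "constructed-test-cert"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// clientHandshake runs one in-memory handshake and returns the error the client sees.
// The server is capped at TLS 1.2 because Config.CipherSuites does not apply to TLS 1.3.
// InsecureSkipVerify is set only because the test certificate is self-signed; suite selection is under test.
func clientHandshake(cert tls.Certificate, suites []uint16) error {
	c, s := net.Pipe()
	defer c.Close()
	defer s.Close()
	srv := tls.Server(s, &tls.Config{Certificates: []tls.Certificate{cert}, MaxVersion: tls.VersionTLS12, CipherSuites: suites})
	go srv.Handshake()
	return tls.Client(c, &tls.Config{InsecureSkipVerify: true}).Handshake()
}

func main() {
	cert := ecdsaCert()
	fmt.Println("RSA suite only:    ", clientHandshake(cert, rsaOnly))
	fmt.Println("RSA + ECDSA suites:", clientHandshake(cert, rsaAndECDSA))
}
```

With only the RSA suite the client reports the same `remote error: tls: handshake failure` as in the issue title; with the ECDSA suite added the handshake returns no error.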
/assign
add DSA cipher in tls config to support both RSA and DSA certificates Fixes kubeedge#1699
So, how to resolve this problem?
What happened:
edgecore cannot connect to cloudcore. I have tried both websocket and quic.
logs as below
What you expected to happen:
edgecore connected to cloudcore.
How to reproduce it (as minimally and precisely as possible):
Use the latest version of KubeEdge (version >= 1.3)
and use the auto certificate generation feature.
Anything else we need to know?:
Environment:
`cloudcore/edgecore --version`: KubeEdge v1.3.0-4+a2f16443495233-dirty
CloudSide Environment:
`cat /etc/os-release`: CentOS 7
EdgeSide Environment:
`cat /etc/os-release`: CentOS 7