Issue making TLS connection from API Gateway to Kubernetes Nginx Ingress. API gateway shows error "General SSLEngine problem"

[bhushan558]

NGINX Ingress controller version: 0.29.0

Kubernetes version (use kubectl version): 1.12

Environment:

• Cloud provider or hardware configuration: AWS
• OS (e.g. from /etc/os-release): CentOS
• Kernel (e.g. uname -a):
• Install tools:
• Others:

What happened:

Issue making TLS connection from API Gateway to Kubernetes Nginc Ingress. API gateway shows error "General SSLEngine problem"

What you expected to happen:
API gateway should send traffic to Nginix Ingress controller and to service/pods

We tried using the Annotation "nginx.ingress.kubernetes.io/default-backend: " with nginx ingress controller to override the default server block for NGINX that will match to the actual server block

    - --default-backend-service=default/kuard
    - --default-ssl-certificate=default/quickstart-example-tls

The certificate used by us is already listed on AWS API Gateway list of trusted certificate authorities and while checking further I found backend is using SNI which is not supported by VPC Link integrations.

Is there any workaround for this issue?

Try to ping the API gateway service, and integrate using VPC link. You will get General SSL Engine error

Is SNI causing this problem, when i take off certificate and change endpoint url from HTTPS to HTTP, it works perfect. Issue is when i do TLS.

[aledbf]

I found backend is using SNI which is not supported by VPC Link integrations.

SNI is mandatory if you are using ingresses with values in the host field.

Is there any workaround for this issue?

No.