Channels
- n
nick fury
2 days agowhen im trying load my fleet webserver at k8s I am getting the error message "Error: tls: no cipher suite supported by both client and server". does anyone know the solution for this problem? thanks. 
Luke Heath
2 days agoHi Nick, happy to help you troubleshoot. Can you let me know what your infrastructure looks like? Are you deploys k8s on AWS EC2? Are you using a load balancer like ALB?- n
nick fury
2 days ago@Luke Heath load balancer 
zwass
2 days agoWhere is that being logged?- n
nick fury
1 day agoat the pod of the fleet web server
the load balancer is f5 Luke Heath
1 day agoIt sounds like the F5 configuration is not setup with a modern set of ciphers or doesn't have TLS 1.2 turned on. Try referencing https://support.f5.com/csp/article/K01770517 and make sure you are using a TLS 1.2 cipher.
If that's not the issue, other thoughts would be TLS to redis or MySQL from fleet could have a cipher issue depending upon the specific log entries. In that case, you'd want to check the logs there.- n
nick fury
16 hours agohttps://osquery.slack.com/archives/C01DXJL16D8/p1655914648723289?thread_ts=1655819083.815489&cid=C01DXJL16D8 thanks I will check it
@User if it helps when i used the ALB at fleet 3.5.1 (not k8s) it worked well and when i tried to update to k8s to fleet 4.9.1 that error happens to the ALB zwass
7 hours agoSeems like it might be because the Go version was bumped between those releases and that removed some really old ciphers from the Go server support.
Maybe it's easiest to turn off TLS termination on Fleet and just let your LB terminate without reencryption?
View count: 1