  • nick fury

    2 days ago
    When I'm trying to load my Fleet webserver on k8s, I am getting the error message "Error: tls: no cipher suite supported by both client and server". Does anyone know the solution for this problem? Thanks.
  • Luke Heath

    2 days ago
    Hi Nick, happy to help you troubleshoot. Can you let me know what your infrastructure looks like? Are you deploying k8s on AWS EC2? Are you using a load balancer like ALB?
  • nick fury

    2 days ago
    @Luke Heath load balancer
  • zwass

    2 days ago
    Where is that being logged?
  • nick fury

    1 day ago
    at the pod of the fleet web server
    the load balancer is f5
  • Luke Heath

    1 day ago
    It sounds like the F5 configuration is not set up with a modern set of ciphers or doesn't have TLS 1.2 turned on. Try referencing https://support.f5.com/csp/article/K01770517 and make sure you are using a TLS 1.2 cipher.
    If that's not the issue, other thoughts would be TLS to redis or MySQL from fleet could have a cipher issue depending upon the specific log entries. In that case, you'd want to check the logs there.
  • nick fury

    16 hours ago
    https://osquery.slack.com/archives/C01DXJL16D8/p1655914648723289?thread_ts=1655819083.815489&cid=C01DXJL16D8 thanks I will check it
    @User if it helps, when I used the ALB at Fleet 3.5.1 (not k8s) it worked well, and when I tried to update to k8s to Fleet 4.9.1 that error happens to the ALB.
  • zwass

    7 hours ago
    Seems like it might be because the Go version was bumped between those releases and that removed some really old ciphers from the Go server support.
    Maybe it's easiest to turn off TLS termination on Fleet and just let your LB terminate without reencryption?