[Kea-users] TLS for the communication between Stork Agent and Kea Control Agent
Francis Dupont
fdupont at isc.org
Mon Feb 7 11:12:51 UTC 2022
Maria Hrabosova writes:
> 2022-02-03 08:05:04.134 INFO [kea-ctrl-agent.http/7518.139986295949504]
> HTTP_CONNECTION_HANDSHAKE_FAILED TLS handshake with 192.168.1.42 failed
> with no shared cipher
The "no shared cipher" error from OpenSSL can come from many reasons but
all are about incompatibility between OpenSSL defaults and the Stork PKI.
If you do not want to simply create a simple PKI and import certificates
from it in Stork and Kea, I suggest:
- dump the certificates in order to understand what crypto they use
- get the OpenSSL build configuration, in particular for "new" crypto
if the OpenSSL library version is old
- dump the handshake messages on the wire: they are in clear text
Regards
Francis Dupont <fdupont at isc.org>
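
The three checks suggested in the message above, as an added example that is not part of the original post and is not ISC's own tooling. The function names are hypothetical, the sample certificate is constructed, and the openssl command-line tool (1.1.0 or later) is assumed.

```shell
#!/bin/sh
# Added diagnostic helpers (hypothetical names); assumes the openssl CLI, 1.1.0+.

# Constructed sample: throwaway self-signed P-256 certificate written to DIR.
make_sample_cert() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1/key.pem" &&
    openssl req -x509 -new -key "$1/key.pem" -subj "/CN=constructed.example" \
        -days 1 -out "$1/cert.pem" 2>/dev/null
}

# Step 1: dump the crypto a PEM certificate uses (key type, size/curve, signature).
cert_crypto() {
    openssl x509 -in "$1" -noout -text |
        grep -E 'Signature Algorithm:|Public Key Algorithm:|Public-Key:|ASN1 OID:' |
        sed 's/^ *//' | sort -u
}

# Coarse key family: in TLS 1.2 and earlier it limits which suites can be chosen.
cert_key_family() {
    case "$(openssl x509 -in "$1" -noout -text | grep 'Public Key Algorithm:')" in
        *rsaEncryption*)  echo RSA ;;
        *id-ecPublicKey*) echo ECDSA ;;
        *)                echo other ;;
    esac
}

# Step 2: build configuration of the local library.
openssl_build() { openssl version -a; }

# Suites this build supports for the certificate's key family.
usable_suites() {
    case "$(cert_key_family "$1")" in
        RSA)   auth=aRSA ;;
        ECDSA) auth=aECDSA ;;
        *)     echo "key type not selectable by cipher string" >&2; return 1 ;;
    esac
    # -s keeps only supported suites; TLS 1.3 suites are listed with Au=any.
    openssl ciphers -s -v "$auth"
}

# Step 3: print each handshake message exchanged with HOST PORT (your own agent).
handshake_dump() { openssl s_client -connect "$1:$2" -msg </dev/null 2>&1; }

# Run as: sh script.sh /path/to/cert.pem
if [ "$#" -ge 1 ]; then openssl_build; cert_crypto "$1"; usable_suites "$1"; fi
```

Run the certificate checks on both the Stork and the Kea side and compare: a key family or curve that one side's build does not list is a candidate for the mismatch.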