[Kea-users] CA HANDSHAKE_FAILED TLS failed with wrong version number
Rick Frey
gribnut at gmail.com
Fri Dec 29 00:36:17 UTC 2023
Hello CS,
It is helpful to know which version of Kea you are using. Based upon your earlier thread, assuming you are running Kea 2.2.0?
As noted in the Kea documentation, TLS support is provided by the underlying crypto library used to build your package of Kea. See https://kea.readthedocs.io/en/kea-2.4.1/arm/security.html. TLS 1.3 is supported when built with appropriate version of crypto library.
Assuming Kea DHCP server and kea-shell are able to communicate with your CA over TLS and issue is limited to the micetro client. While micetro capabilities is not a topic for this mailing list, you may want to verify that micetro supports TLS connections to the Kea CA (or run a packet capture to see if using HTTPS and TLS version supported by client). I believe the same/similar error occurs if the client attempts to connect via non-TLS/plain HTTP to a CA configured to use TLS.
> On Dec 28, 2023, at 5:07 PM, CS <cs.temp.mail at gmail.com> wrote:
>
> Hey,
> Trying to associate my kea instance with micetro but when addinging it logs the following error:
> HTTP_CONNECTION_HANDSHAKE_FAILED TLS handshake with x.x.x.x failed with wrong version number
> While this may be a problem to be solved on the micetro side, not here with ya'll, kea is the one with the best error (Micetro just says: "Unable to connect") and only asks for a hostname or ip address (refusing any elaborations like https)
>
> This sounds like a TLS 1.0-1.3 issue to me. Any idea what kea CA is looking for?
>
> CS, cs.Temp.Mail at gMail.com
> --
> ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
>
> To unsubscribe visit https://lists.isc.org/mailman/listinfo/kea-users.
>
> Kea-users mailing list
> Kea-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/kea-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/kea-users/attachments/20231228/2d4076ad/attachment.htm>
More information about the Kea-users
mailing list