Uploaded image for project: 'Couchbase Server'
  1. Couchbase Server
  2. MB-51602

Setting of min TLS version to 1.3 leads to inoperable ns_server

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Fixed
    • 7.1.0
    • 7.1.0
    • ns_server
    • Untriaged
    • 1
    • Unknown

    Description

      After setting of min TLS version to 1.3, web servers in ns_server fail to start:

      curl -v -u Administrator 'http://localhost:9000/settings/security/tlsMinVersion' -d 'tlsv1.3' | jq
      

      [error_logger:error,2022-03-25T12:28:37.598-07:00,n_0@cb.local:ns_ssl_services_sup<0.29299.0>:ale_error_logger_handler:do_log:101]
      =========================SUPERVISOR REPORT=========================
          supervisor: {local,ns_ssl_services_sup}
          errorContext: start_error
          reason: {shutdown,
                      {failed_to_start_child,menelaus_web_ipv4,
                          {options,dependency,
                              {secure_renegotiate,
                                  {versions,[tlsv1,'tlsv1.1','tlsv1.2']}}}}}
      

      Attachments

        Issue Links

          No reviews matched the request. Check your Options in the drop-down menu of this sections header.

          Activity

            Build couchbase-server-7.1.0-2534 contains ns_server commit 17f83c8 with commit message:
            MB-51602: Filter out tls options that are not supported by tls1.3

            build-team Couchbase Build Team added a comment - Build couchbase-server-7.1.0-2534 contains ns_server commit 17f83c8 with commit message: MB-51602 : Filter out tls options that are not supported by tls1.3

            Verified on 7.1.0-2534. Web server starts fine after setting min tls version to 1.3.

            sumedh.basarkod Sumedh Basarkod (Inactive) added a comment - Verified on 7.1.0-2534. Web server starts fine after setting min tls version to 1.3.

            Build couchbase-server-7.2.0-1043 contains ns_server commit 17f83c8 with commit message:
            MB-51602: Filter out tls options that are not supported by tls1.3

            build-team Couchbase Build Team added a comment - Build couchbase-server-7.2.0-1043 contains ns_server commit 17f83c8 with commit message: MB-51602 : Filter out tls options that are not supported by tls1.3

            People

              sumedh.basarkod Sumedh Basarkod (Inactive)
              timofey.barmin Timofey Barmin
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Gerrit Reviews

                  There are no open Gerrit changes

                  PagerDuty