Thu May 26 15:25:14 PDT 2016 Clean Couchbase 4.1.1 installation No change in TLS configuration Getting Couchbase Server configuraiton and capture configuration value related to SSL / TLS 22- {{couchdb,max_parallel_indexers},4}, 23- {{couchdb,max_parallel_replica_indexers},2}, 24- {{node,'ns_1@127.0.0.1',rest},[{port,8091},{port_meta,global}]}, 25: {{node,'ns_1@127.0.0.1',ssl_rest_port},18091}, 26- {{node,'ns_1@127.0.0.1',capi_port},8092}, 27: {{node,'ns_1@127.0.0.1',ssl_capi_port},18092}, 28- {{node,'ns_1@127.0.0.1',query_port},8093}, 29: {{node,'ns_1@127.0.0.1',ssl_query_port},18093}, 30- {{node,'ns_1@127.0.0.1',projector_port},9999}, 31- {{node,'ns_1@127.0.0.1',xdcr_rest_port},9998}, 32- {{node,'ns_1@127.0.0.1',indexer_admin_port},9100}, -- 35- {{node,'ns_1@127.0.0.1',indexer_stinit_port},9103}, 36- {{node,'ns_1@127.0.0.1',indexer_stcatchup_port},9104}, 37- {{node,'ns_1@127.0.0.1',indexer_stmaint_port},9105}, 38: {{node,'ns_1@127.0.0.1',ssl_proxy_downstream_port},11214}, 39: {{node,'ns_1@127.0.0.1',ssl_proxy_upstream_port},11215}, 40- {rest_creds,[{creds,[]}]}, 41- {remote_clusters,[]}, 42- {{node,'ns_1@127.0.0.1',isasl}, -- 53- {{node,'ns_1@127.0.0.1',memcached_defaults}, 54- [{maxconn,30000}, 55- {dedicated_port_maxconn,5000}, 56: {ssl_cipher_list,"HIGH"}, 57- {verbosity,0}, 58- {breakpad_enabled,true}, 59- {breakpad_minidump_dir_path,"/opt/couchbase/var/lib/couchbase/crash"}, -- 61- {{node,'ns_1@127.0.0.1',memcached}, 62- [{port,11210}, 63- {dedicated_port,11209}, 64: {ssl_port,11207}, 65- {admin_user,"_admin"}, 66- {admin_pass,"f060047d1ce53db59a39d980b4d01e82"}, 67- {bucket_engine,"/opt/couchbase/lib/memcached/bucket_engine.so"}, -- 88- {port,dedicated_port}, 89- {maxconn,dedicated_port_maxconn}]}, 90- {[{host,<<"*">>}, 91: {port,ssl_port}, 92- {maxconn,maxconn}, 93: {ssl, 94- {[{key, 95- <<"/opt/couchbase/var/lib/couchbase/config/memcached-key.pem">>}, 96- {cert, 97- <<"/opt/couchbase/var/lib/couchbase/config/memcached-cert.pem">>}]}}]}]}}, 98: {ssl_cipher_list,{"~s",[ssl_cipher_list]}}, 99: {ssl_minimum_protocol,{memcached_config_mgr,ssl_minimum_protocol,[]}}, 100- {breakpad, 101- {[{enabled,breakpad_enabled}, 102- {minidump_dir,{memcached_config_mgr,get_minidump_dir,[]}}]}}, -- 138- {{request_limit,rest},undefined}, 139- {{request_limit,capi},undefined}, 140- {drop_request_memory_threshold_mib,undefined}]], 141: [[{ssl_minimum_protocol, 142- [{'_vclock',[{<<"4717615d6deb068ea17d63904d34ef3e">>,{1,63631516785}}]}| 143: 'tlsv1.2']}, 144- {buckets, 145- [{'_vclock',[{<<"4717615d6deb068ea17d63904d34ef3e">>,{16,63631516227}}]}, 146- {configs, -- 6493- [{'_vclock',[{<<"4717615d6deb068ea17d63904d34ef3e">>,{1,63631515967}}]}, 6494- {port,11210}, 6495- {dedicated_port,11209}, 6496: {ssl_port,11207}, 6497- {admin_user,"_admin"}, 6498- {admin_pass,"f060047d1ce53db59a39d980b4d01e82"}, 6499- {bucket_engine,"/opt/couchbase/lib/memcached/bucket_engine.so"}, -- 6521- {port,dedicated_port}, 6522- {maxconn,dedicated_port_maxconn}]}, 6523- {[{host,<<"*">>}, 6524: {port,ssl_port}, 6525- {maxconn,maxconn}, 6526: {ssl, 6527- {[{key, 6528- <<"/opt/couchbase/var/lib/couchbase/config/memcached-key.pem">>}, 6529- {cert, 6530- <<"/opt/couchbase/var/lib/couchbase/config/memcached-cert.pem">>}]}}]}]}}, 6531: {ssl_cipher_list,{"~s",[ssl_cipher_list]}}, 6532: {ssl_minimum_protocol,{memcached_config_mgr,ssl_minimum_protocol,[]}}, 6533- {breakpad, 6534- {[{enabled,breakpad_enabled}, 6535- {minidump_dir,{memcached_config_mgr,get_minidump_dir,[]}}]}}, -- 6552- [{'_vclock',[{<<"4717615d6deb068ea17d63904d34ef3e">>,{1,63631515967}}]}, 6553- {maxconn,30000}, 6554- {dedicated_port_maxconn,5000}, 6555: {ssl_cipher_list,"HIGH"}, 6556- {verbosity,0}, 6557- {breakpad_enabled,true}, 6558- {breakpad_minidump_dir_path,"/opt/couchbase/var/lib/couchbase/crash"}, -- 6576- [{'_vclock',[{<<"4717615d6deb068ea17d63904d34ef3e">>,{1,63631515967}}]}, 6577- {port,8091}, 6578- {port_meta,global}]}, 6579: {{node,'ns_1@127.0.0.1',ssl_capi_port}, 6580- [{'_vclock',[{<<"4717615d6deb068ea17d63904d34ef3e">>,{1,63631515967}}]}| 6581- 18092]}, 6582: {{node,'ns_1@127.0.0.1',ssl_proxy_downstream_port}, 6583- [{'_vclock',[{<<"4717615d6deb068ea17d63904d34ef3e">>,{1,63631515967}}]}| 6584- 11214]}, 6585: {{node,'ns_1@127.0.0.1',ssl_proxy_upstream_port}, 6586- [{'_vclock',[{<<"4717615d6deb068ea17d63904d34ef3e">>,{1,63631515967}}]}| 6587- 11215]}, 6588: {{node,'ns_1@127.0.0.1',ssl_query_port}, 6589- [{'_vclock',[{<<"4717615d6deb068ea17d63904d34ef3e">>,{1,63631515967}}]}| 6590- 18093]}, 6591: {{node,'ns_1@127.0.0.1',ssl_rest_port}, 6592- [{'_vclock',[{<<"4717615d6deb068ea17d63904d34ef3e">>,{1,63631515967}}]}| 6593- 18091]}, 6594- {{node,'ns_1@127.0.0.1',uuid}, ----- Testing now (2016-05-26 15:25) ---> 127.0.0.1:18091 (localhost) <--- rDNS (127.0.0.1): -- (A record via /etc/hosts) Service detected: HTTP --> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)  SSLv2 not offered (OK)  SSLv3 not offered (OK)  TLS 1 not offered  TLS 1.1 not offered  TLS 1.2 offered (OK)  SPDY/NPN not offered Done now (2016-05-26 15:25) ---> 127.0.0.1:18091 (localhost) <--- ----- Testing now (2016-05-26 15:26) ---> 127.0.0.1:18092 (localhost) <--- rDNS (127.0.0.1): -- (A record via /etc/hosts) Service detected: HTTP --> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)  SSLv2 not offered (OK)  SSLv3 not offered (OK)  TLS 1 offered  TLS 1.1 offered  TLS 1.2 offered (OK)  SPDY/NPN not offered Done now (2016-05-26 15:26) ---> 127.0.0.1:18092 (localhost) <--- ----- Testing now (2016-05-26 15:26) ---> 127.0.0.1:18093 (localhost) <--- rDNS (127.0.0.1): -- (A record via /etc/hosts) Service detected: HTTP --> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)  SSLv2 not offered (OK)  SSLv3 not offered (OK)  TLS 1 not offered  TLS 1.1 not offered  TLS 1.2 offered (OK)  SPDY/NPN not offered Done now (2016-05-26 15:26) ---> 127.0.0.1:18093 (localhost) <--- ----- Testing now (2016-05-26 15:27) ---> 127.0.0.1:11207 (localhost) <--- rDNS (127.0.0.1): -- (A record via /etc/hosts) Service detected: Couldn't determine what's running on port 11207, assuming no HTTP service => skipping HTTP checks --> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)  SSLv2 not offered (OK)  SSLv3 not offered (OK)  TLS 1 not offered  TLS 1.1 not offered  TLS 1.2 offered (OK)  SPDY/NPN not offered Done now (2016-05-26 15:27) ---> 127.0.0.1:11207 (localhost) <--- ----- Testing now (2016-05-26 15:27) ---> 127.0.0.1:11214 (localhost) <--- rDNS (127.0.0.1): -- (A record via /etc/hosts) Service detected: Couldn't determine what's running on port 11214, assuming no HTTP service => skipping HTTP checks --> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)  SSLv2 not offered (OK)  SSLv3 not offered (OK)  TLS 1 not offered  TLS 1.1 not offered  TLS 1.2 offered (OK)  SPDY/NPN not offered Done now (2016-05-26 15:27) ---> 127.0.0.1:11214 (localhost) <--- ----- Testing now (2016-05-26 15:28) ---> 127.0.0.1:11215 (localhost) <--- rDNS (127.0.0.1): -- (A record via /etc/hosts)  127.0.0.1:11215 doesn't seem a TLS/SSL enabled server or it requires a certificate Service detected: Couldn't determine what's running on port 11215, assuming no HTTP service => skipping HTTP checks --> Testing protocols (via sockets except TLS 1.2 and SPDY/NPN)  SSLv2 not offered (OK)  SSLv3 not offered (OK)  TLS 1 not offered  TLS 1.1 not offered  TLS 1.2 not offered (NOT ok)  SPDY/NPN not offered Done now (2016-05-26 15:28) ---> 127.0.0.1:11215 (localhost) <--- End of Testing