Received fatal alert: handshake_failure

michelvankessel

Hello All,

UCS Director 5.3 is not compatible with APIC 1.1.x versions. This is also mentioned in the APIC release notes.

But when we were running version 1.1.1o it did work fine, no issues at all. This is a LAB environment, so no production. Since we upgraded to version 1.1.2h the communication has been broken, and I see a handshake failure in the UCSD logging:

2015-08-19 09:55:53,575 [pool-1-thread-34] INFO  newAccountAdded(PhysicalAccountManager.java:55) - Processing new account addition: APIC
2015-08-19 09:55:53,576 [pool-1-thread-34] INFO  handleAddAccount(AbstractAccountHandler.java:38) - adding account to system
2015-08-19 09:55:53,592 [pool-1-thread-34] ERROR execute(HttpConnector.java:269) - Received fatal alert: handshake_failure
2015-08-19 09:55:53,592 [pool-1-thread-34] INFO  checkReachabilityAndLogin(ApicUtils.java:376) - checkReachabilityAndLogin start..!
2015-08-19 09:55:53,597 [pool-1-thread-34] ERROR execute(HttpConnector.java:269) - Received fatal alert: handshake_failure
2015-08-19 09:55:53,601 [pool-1-thread-34] INFO  setEmbeddedLOVs(Page.java:722) - set embedded lov 2 for APICspecific.props.id.pod

I know it is not a supported setup, but has anyone had the same issue and been able to solve it?

Thanks

Michel van Kessel

mikriple

Hey Michel,

The "Received fatal alert: handshake_failure" could be a few things but more than likely due to incompatible SSL versions in use. You need TLS 1.0 for UCSD integration.

A good check would be to go to Fabric>Fabric Policies>Pod Policies>Policies>Communication>PolicyName then see if under HTTPS that TLSv1 is unchecked.

I would wait until UCSD is fully supported in 1.1(xx) to make sure you avoid running into any issues and also so we can offer you full support.

Thanks,

Mike Ripley

Hello Mike,

Indeed, I had to enable TLSv1.0 for 1.1.1o, and it worked fine. I guess something else changed in version 1.1.2h. I tried all three TLS subversions to see if something changes, but no luck.

This is a Lab environment for testing only, so it is not a big issue. I was wondering if this was a known issue.

Michel

In 1.1(2h) the supported cipher list for SSL has been greatly reduced. UCSD is greatly behind the times when it comes to https security but the integration with ACI and the APIC is forcing it forward and later versions will need to support TLSv1.1/TLSv1.2 with more secure ciphers.

Mike

Thanks Mike! I will ask the UCSD folks if and when there will be an update scheduled.

Regards

Michel
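
To tell a protocol-version mismatch from the reduced cipher list discussed in this thread, the Python code below (an added example, not part of the original posts and not Cisco code) sends a minimal ClientHello per protocol version and cipher suite and reports whether the server answers with a ServerHello or a fatal alert. The suite list, the function names and the host passed to `survey` are assumptions made for the example; the thread does not say which suites UCSD offers or the APIC accepts.

```python
import os
import socket
import struct

# Sample values chosen for this example; not taken from UCSD or the APIC.
VERSIONS = {"TLSv1.0": 0x0301, "TLSv1.1": 0x0302, "TLSv1.2": 0x0303}
SUITES = {0x0005: "RSA_WITH_RC4_128_SHA", 0x002F: "RSA_WITH_AES_128_CBC_SHA",
          0xC02F: "ECDHE_RSA_WITH_AES_128_GCM_SHA256"}
ALERTS = {40: "handshake_failure", 70: "protocol_version", 71: "insufficient_security"}


def client_hello(version, suites):
    """Build one TLS record holding a ClientHello with no extensions."""
    body = struct.pack("!H", version) + os.urandom(32) + b"\x00"  # version, random, empty session id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"  # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body  # type 1 = client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake  # type 22 = handshake


def parse_reply(data):
    """Classify the server's first record as an alert or a ServerHello."""
    if len(data) >= 7 and data[0] == 0x15:  # alert record: level at [5], description at [6]
        return ("alert", ALERTS.get(data[6], str(data[6])))
    if len(data) > 43 and data[0] == 0x16 and data[5] == 0x02:  # server_hello
        start = 44 + data[43]  # skip record hdr, handshake hdr, version, random, session id
        if len(data) >= start + 2:
            suite = struct.unpack("!H", data[start:start + 2])[0]
            return ("server_hello", SUITES.get(suite, hex(suite)))
    return ("no_reply" if not data else "unknown", None)


def probe(host, port, version, suites, timeout=5.0):
    """Send one ClientHello and report how the server answered."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            sock.sendall(client_hello(version, suites))
            return parse_reply(sock.recv(4096))
    except OSError as exc:  # refused, reset, timed out
        return ("error", type(exc).__name__)


def survey(host, port=443):
    """Offer each version/suite pair on its own: {(version, suite): result}."""
    return {(name, SUITES[s]): probe(host, port, code, [s])
            for name, code in VERSIONS.items() for s in SUITES}
```

A ClientHello with no extensions approximates a legacy client; a server that insists on extensions such as signature_algorithms can answer handshake_failure for that reason rather than because of the suite offered.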
