CNA 6.3(1) https connection failure: SSL handshake process failed

Hello,

I am attempting to use CNA 6.3(1) to manage a number of 3850 and 2960-X switches; however, I'm unable to connect to them over https. I have enabled "ip http secure-server". If I enable "ip http server", I am able to make an http connection.

IOS versions:

3850: IOS-XE 3.6.4.E

2960-X: IOS 15.2(2)E6

I have enabled the following debugging options:

debug ip http ssl error

debug ssl openssl errors

When attempting to make a connection, I receive the following output on the console:

CRYPTO_OPSSL: SSL3.0 is no longer supported. Enabling only TLSv1.

opssl_SetPKIInfo entry

CRYPTO_OPSSL: Got router SIGNATURE private key

opssl SetPKIInfo done.

And I receive the following message from CNA:

Unable to connect. SSL handshake process failed. The secure connection through HTTPS could not be established.

By running the above debugs, I've confirmed that CNA first tries https, and then falls back to http if that fails. It appears to be a cipher suite issue, where the switch and CNA can't agree on a cipher set. Has anyone else experienced this problem, and is there a workaround other than using http?

Thanks in advance,

Matt