14 Posts

September 5th, 2016 17:00

IM 2.0.02 login WebBrowser ERR_SSL_OBSOLETE_CIPHER

Hi

I am going to install ScaleIO version 2.0.0.2 on RHEL7.2. But I can't log in to the IM using Google Chrome (nor Firefox).

The details are listed below. I will appreciate any help.

Google Chrome Version: 53 (I think this is a supported version)

Error Message:

This site can't provide a secure connection
localhost uses an unsupported protocol.
ERR_SSL_OBSOLETE_CIPHER
The client and server don't support a common SSL protocol version or cipher suite.

There is no link to accept the certificate warning on the screen (because the err is different I think)

I used the following command: openssl s_client -connect localhost:443 -showcerts

The result has info like: Protocol TLSv1.2, Cipher AES256-SHA256, Public Key 2048 bit

The command to install IM: GATEWAY_ADMIN_PASSWORD= rpm -i /tmp/EMC-ScaleIO-gateway-2.0-XXX.X.x86_64.rpm --nodeps

Many thanks,

Seiji

306 Posts

September 6th, 2016 00:00

Hi Seiji,

I believe the problem lies with Chrome, not IM Gateway - if you paste this error ("ERR_SSL_OBSOLETE_CIPHER") in Google you will see many other users have issues with different websites as well - apparently they removed support for some ciphers in the newest version of Chrome.

For the time being I can only suggest two workarounds - either downgrade Chrome or try to use Firefox/Safari or any other browser. I will check with the Eng if this error surfaced more times and if there are any plans to change the cipher set on the GW side, but I believe these workarounds should work.

Cheers,

Pawel

14 Posts

September 6th, 2016 05:00

Hi Pawel


Thank you for your reply.


Speaking of Chrome's error, we also tried with Firefox but the result is the same.

The Firefox version is 38.3.0 (out of the supported one) though.


Now we decided to use IM of 2.0.0.1 to install ScaleIO 2.0.0.2. And it worked.

(It is a tough work to down and up-grade web browsers because it is a strict Sandbox environment.)


Like I said the installation was successful but there is a condition.

On IM's installation Configuration screen, go to "Set advanced options (optional)",

and select the following items.

- Disable secure communication with MDM

- Disable secure communication with LIA

- Disable authentication in internal components


Otherwise, configure phase failed.

According to the deployment guide, the certificate is automatically created at the installation of Gateway server.

So we've made no additional settings on SSL things.


Besides, we can't login with ScaleIO GUI. The error says associated with the disabled secure communication.


The GUI is activated with the command: /opt/emc/scaleio/gui/run.sh

Click "Connect" after IP address, username, password are all filled in.

Then the error message pops up:

"Certification

Cannot establish a secure connection. Click Allow Once to continue with a non-secure connection, or Allow Always to enable future no-secure connections from this client to host."


The point is there is no such Allow Once or Allow Always buttons or links on the message and GUI itself.

So it is impossible to login with GUI.


On the other hand, we can see all the nodes deployed in the HostList on IM's Maintain.

(We set the MDMs and LIAs Security disabled to retrieve the HostList on the Maintain menu)


So what can we do next?

Any instructions are appreciated.


Seiji

14 Posts

September 7th, 2016 17:00

We are informing of our progress.

First, by replacing openjdk with oracle's jre, the web browser's protocol error was solved.

Now we can log in to the IM, and it is also successful with version 2.0.0.2.

Second, the issue that we could not install ScaleIO with secure communications enabled has also been solved.

It was attributed to the OS's system clock being wrong and outside the validity period of the SSL certificate.

We are sorry about the mess on it. As a result, ScaleIO GUI also works.

We do not take a look at the problem that the buttons or links to allow non-secure connection are not displayed on the GUI screen. It could be related to the screen resolution or such though.

Anyway, we're going to use ScaleIO with Openstack cinder driver.

Hope nothing goes wrong.

Cheers,

Seiji

306 Posts

September 8th, 2016 01:00

Hi Seiji,

Many thanks for your updates. I actually never tried JDK, always used JRE (1.8+) and it worked fine, so apparently these two work in a slightly different way when it comes to SSL sessions handling. And yes, if the date is incorrect, the SSL cert can be either expired or not yet valid, so that's definitely something to look into - thank you for sharing!

Pawel
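
The two things this thread ended up examining, the cipher reported by `openssl s_client` and whether the system clock falls inside the certificate's validity window, can be checked together. The script below is an added example, not part of any post and not ScaleIO code; the sample inputs are constructed, the certificate dates are made up, and the cipher classification is a heuristic based only on OpenSSL cipher naming.

```python
import re
import ssl
import time

# Constructed sample: SSL-Session fields as printed by `openssl s_client`,
# using the protocol and cipher reported in the thread.
SAMPLE_SESSION = "SSL-Session:\n    Protocol  : TLSv1.2\n    Cipher    : AES256-SHA256\n"
# Constructed sample: `openssl x509 -noout -dates` output (dates are made up).
SAMPLE_DATES = "notBefore=Sep  1 00:00:00 2016 GMT\nnotAfter=Aug 30 00:00:00 2026 GMT\n"

def parse_session(text):
    """Return (protocol, cipher) from s_client's SSL-Session block."""
    proto = re.search(r"^\s*Protocol\s*:\s*(\S+)", text, re.M)
    cipher = re.search(r"^\s*Cipher\s*:\s*(\S+)", text, re.M)
    if not (proto and cipher):
        raise ValueError("no SSL-Session block; the handshake may have failed")
    return proto.group(1), cipher.group(1)

def cipher_properties(name):
    """Classify an OpenSSL cipher name (assumption: naming heuristic only)."""
    tls13 = name.startswith("TLS_")  # TLS 1.3 suites are always (EC)DHE + AEAD
    return {
        "forward_secrecy": tls13 or name.startswith(("ECDHE-", "DHE-")),
        "aead": tls13 or any(t in name for t in ("GCM", "CCM", "CHACHA20")),
    }

def validity_state(dates_text, now=None):
    """Compare a clock reading (epoch seconds) with notBefore/notAfter."""
    fields = dict(l.split("=", 1) for l in dates_text.splitlines() if "=" in l)
    start = ssl.cert_time_to_seconds(fields["notBefore"])
    end = ssl.cert_time_to_seconds(fields["notAfter"])
    now = time.time() if now is None else now
    if now < start:
        return "not yet valid"
    return "expired" if now > end else "valid"

def triage(session_text, dates_text, now=None):
    """List findings for the cipher and the clock-versus-certificate check."""
    _, cipher = parse_session(session_text)
    props = cipher_properties(cipher)
    findings = []
    if not props["forward_secrecy"]:
        findings.append(f"{cipher}: no (EC)DHE key exchange, no forward secrecy")
    if not props["aead"]:
        findings.append(f"{cipher}: non-AEAD bulk cipher")
    state = validity_state(dates_text, now)
    if state != "valid":
        findings.append(f"certificate {state} at this clock reading")
    return findings
```

Calling `triage(SAMPLE_SESSION, SAMPLE_DATES)` with no `now` argument uses the local system clock, which is the value that was wrong in the case described above.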
