#fleet
nick fury

06/21/2022, 1:44 PM
When I'm trying to load my Fleet webserver at k8s I am getting the error message "Error: tls: no cipher suite supported by both client and server". Does anyone know the solution for this problem? Thanks.
Luke Heath

06/21/2022, 4:50 PM
Hi Nick, happy to help you troubleshoot. Can you let me know what your infrastructure looks like? Are you deploying k8s on AWS EC2? Are you using a load balancer like ALB?
nick fury

06/21/2022, 8:42 PM
@Luke Heath load balancer
zwass

06/21/2022, 9:24 PM
Where is that being logged?
nick fury

06/22/2022, 6:56 AM
at the pod of the fleet web server
10:32 AM
the load balancer is f5
Luke Heath

06/22/2022, 4:16 PM
It sounds like the F5 configuration is not set up with a modern set of ciphers or doesn't have TLS 1.2 turned on. Try referencing https://support.f5.com/csp/article/K01770517 and make sure you are using a TLS 1.2 cipher.
4:17 PM
If that's not the issue, other thoughts would be TLS to redis or MySQL from fleet could have a cipher issue depending upon the specific log entries. In that case, you'd want to check the logs there.
7:01 AM
@Luke Heath if it helps, when I used the ALB at Fleet 3.5.1 (not k8s) it worked well, and when I tried to update to k8s to Fleet 4.9.1 that error happens to the ALB
zwass

06/23/2022, 3:37 PM
Seems like it might be because the Go version was bumped between those releases and that removed some really old ciphers from the Go server support.
3:37 PM
Maybe it's easiest to turn off TLS termination on Fleet and just let your LB terminate without reencryption?
nick fury

06/26/2022, 8:01 AM
@zwass am I turning off TLS termination with the flag:
server:
    tls: false
or should I do something else?
zwass

06/27/2022, 6:52 PM
That looks right
nick fury

07/10/2022, 10:32 AM
Kathy Satterlee

07/16/2022, 6:16 PM
It looks like that bump happened in 3.13.0