Re: [bareos-users] TLS-PSK

Thu, 28 May 2020 23:22:13 -0700 

You may want to have a closer look into the documentation here:

https://docs.bareos.org/TasksAndConcepts/TransportEncryption.html
The thing is that TLS configuration is not symetrical in all directions. Therefore we mention the odd things in the same chapter here: https://docs.bareos.org/TasksAndConcepts/TransportEncryption.html#tls-configuration-reference
Additionally it is also important to understand the network connection diagrams as they give you an overview how the distributed components interact with each other: https://docs.bareos.org/TasksAndConcepts/NetworkSetup.html#network-connections-overview 


Am 29.05.20 um 08:08 schrieb bareos-user:


Hello everyone.
I use bareos (community edition) on Debian:
1. bareos-fd ver. 19.2 @debian 9
2. bareos-dir, bareos-sd ver. 19.2 @debian 10
There is a connection problem between bareos-fd and bareos-sd when TLS-PSK is enabled. If I disable TLS, then the connection works well, here is the configuration: 
bareos-fd:
Client {
 ...
 TLS Enable = no;
 TLS Require = no;
 ...
}

bareos-sd:
Storage {
  ...
  TLS Enable = no;
  TLS Require = no;
  ...
}

If I change 'no' to 'yes', then the job does not start, in the error log:
--
sd  JobId 39: Fatal error: Connect failure: ERR=error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher 
sd  JobId 39: Fatal error: lib/bnet.cc:124 TLS Negotiation failed.
sd  JobId 39: Fatal error: TLS negotiation failed.
sd  JobId 39: Fatal error: stored/authenticate.cc:194 Authorization problem: Two way security handshake failed with File daemon at client 
sd  JobId 39: Fatal error: Unable to authenticate File daemon
fd  JobId 39: Fatal error: Connect failure: ERR=error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure 
fd  JobId 39: Fatal error: TLS negotiation failed
fd  JobId 39: Fatal error: Failed to authenticate Storage daemon.
dir JobId 39: Fatal error: Bad response to Storage command: wanted 2000 OK storage 
--
What could be the problem ? Maybe something needs to be tweaked in the openssl configuration? 
Thanks.


--
Mit freundlichen Grüßen

 Frank Ueberschar                          [email protected]
 Bareos GmbH & Co. KG                      Phone: +49 221 63 06 93-88
 http://www.bareos.com                     Fax:   +49 221 63 06 93-10

 Sitz der Gesellschaft: Köln | Amtsgericht Köln: HRA 29646
 Geschäftsführer: S. Dühr, M. Außendorf, J. Steffens, P. Storz

--
You received this message because you are subscribed to the Google Groups 
"bareos-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/d/msgid/bareos-users/03b27dec-6c65-3546-462a-4eb5cca011f1%40bareos.com.

Reply via email to