im running an oVirt 4.2.8 cluster with two nodes. A few days ago, my SSL 
certificates expired. After that, i changed all the certificates on the engine 
via "engine-upgrade" command and issued new vdsm client certificates. Then i 
copied the new certificates to my ovirt nodes and restarted vdsmd (systemctl 
restart vdsmd).

Now i'm still not able to connect to my ovirt nodes. In the engine log i can 
see the following error:


2022-09-01 18:25:51,822+02 INFO  
[org.ovirt.vdsm.jsonrpc.client.reactors.ReactorClient] (SSL Stomp Reactor) [] 
Connecting to /192.168.xx.xx

2022-09-01 18:25:51,827+02 ERROR 
[org.ovirt.vdsm.jsonrpc.client.reactors.Reactor] (SSL Stomp Reactor) [] Unable 
to process messages The server selected protocol version TLS10 is not accepted 
by client preferences [TLS12]

2022-09-01 18:25:51,829+02 ERROR 
(EE-ManagedThreadFactory-engineScheduled-Thread-88) [] Unable to 
RefreshCapabilities: VDSNetworkException: VDSGenericException: 
VDSNetworkException: The server selected protocol version TLS10 is not accepted 
by client preferences [TLS12]


I searched my vdsm client config but i cannot see any specific TLS version set 
(every option with TLS is commented - seems to be the default):


$grep -R -i TLS /etc/vdsm/

/etc/vdsm/vdsm.conf:# ssl_protocol = tlsv1

/etc/vdsm/vdsm.conf:# https://docs.python.org/2/library/ssl.html. e.g. 

/etc/vdsm/vdsm.conf:# OP_NO_TLSv1_1 By default tlv1, tlsv1.1 and tlsv1.2 are 


On the engine i didn't find any setting to set a specific TLS version - there 
seems to have been a setting (VdsmSSLProtocol) but that got deprecated years 

Does anybody know why my engine is still not able to connect to the client 

I also tried to set "ssl_protocol = tlsv1" via vdsm.conf but that didn't work 





Name       : vdsm

Architektur : x86_64

Version    : 4.19.37

Ausgabe    : 1.el7.centos

Name       : ovirt-engine

Architektur : noarch

Version    :

Ausgabe    : 1.el7

Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-le...@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: 
List Archives: 

Reply via email to