Wrong Version Number SSL3 in Ubuntu with sensor Kubernetes

(David) #1

Hello again.

I have a new problem with the sensors, this time running on an Ubuntu system.
The error is as follows:

2019-05-06 12:37:18,630 139829452686352 WARNING sensor_wrapper [-] Sensor "watchCoreV1LimitRangeListForAllNamespaces" run method raised an exception: [('SSL routines', 'ssl3_get_record', 'wrong version number')].

I updated the SSL version to OpenSSL 1.0.2k (as in my stackstorm with Centos7) but it still shows the same error. My kubernetes is http, not https. Did someone have a similar problem?

Thanks for all. Greetings.

(Lindsay Hill) #2

It’s not an OpenSSL version issue. Initially I would have said it looks more like a problem with either SSL/TLS version mismatch (e.g. something expecting TLS v1.2, and the other side only doing SSLv3).

But this sheds more light on it. You’re probably using a URL like https://<k8s_instance>:<some_port>, but if that’s only listening with http, you need to tell it to use http://<k8s_instance>:<some_port>

(David) #3

hi!

In /opt/stackstorm/config/kubernetes.yaml:
kubernetes_api_url: “http://192.168.1.172:8080

if I change to the secure port with https it works correctly, because of the insecure port it shows the error of SSL wrong version. I need to do it in an insecure way in this case. Keep investigating. Thank you!

(Lindsay Hill) #4

Check that your protocol specified in the URL - http or https - matches the protocol that is listening on the port you are connecting to.

Most likely you’re using https to connect to a plaintext service. Change the URL to specify http

(David) #5

The api of kubernetes is listening to both http and https, and working. Keep investigating! Thank you :slight_smile:

(Lindsay Hill) #6

Yes, but it will be on different ports. You need to make sure you’re using the right protocol + port combination

(David) #7

Yes, for the protocol https port 6443, for the protocol http 8080. You mean that?

(David) #8

Hi!

I attach a screenshot with the errors:

image