vVOL VASA Provider would be in-accessible using unsupported (Non-PFS) ciphers
search cancel

vVOL VASA Provider would be in-accessible using unsupported (Non-PFS) ciphers

book

Article ID: 313387

calendar_today

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

Symptoms:

Post upgrade to ESX 8.0U1 unsupported VASA provider see communication failure in VVOLD Logs, below is example logs on ESXi (/var/run/logs/vvold.logs)

 2023-01-16T15:01:06.375Z Wa(164) VVold[1000344281]: [Originator@6876 sub=IO.Connection] Failed to SSL handshake; SSL(<io_obj p:0x000000ccb54819f8, h:15, <TCP '10.184.74.120 : 53142'>, <TCP '10.184.67.1 : 8443'>>), e: 167773200(sslv3 alert handshake failure), duration: 2msec
 2023-01-16T15:01:06.375Z Wa(164) VVold[1000344281]: [Originator@6876 sub=HttpConnectionPool-000000] Failed to get pooled connection; <cs p:000000ccb547f7e0, TCP:10.184.67.1:8443>, SSL(<io_obj p:0x000000ccb54819f8, h:15, <TCP '10.184.74.120 : 53142'>, <TCP '10.184.67.1 : 8443'>>), duration: 9msec, N7Vmacore3Ssl12SSLExceptionE(SSL Exception: error:0A000410:SSL routines::sslv3 alert handshake failure)

 


Environment

VMware vSphere ESXi 8.0
VMware vSphere ESXi 8.0.1

Cause

VASA provider does not support required ciphers by VMware.

Resolution

The issue needs to be fixed by VASA provider.


Workaround:

Fix the VASA Provider,  the vendor has been notified about the issue. For a temporary workaround enable the allowLegacyCiphers from Advance Config option.


Powered by Wolken Software