The following error appears when trying to connect to a NetApp appliance:
[attach_socket, netapp_ontap] netapp_ontapNetAppSessionValidating connection for host
[attach_socket, netapp_ontap] cbVerifyCtdResource failed
[attach_socket, netapp_ontap] com.netapp.nmsdk.client.ApiProtocolException: Connection error to Storage System <systemname>: Remote host closed connection during handshake
Version: UIM 8.5.1
Component: netapp v1.40 or higher, netapp ONTAP (8.2.2P2)
cluster security / protocol parameters
1. Via Raw Configuration on the probe, change the options line under startup to:
options = -Xms32m -Xmx1024m -Dfile.encoding=UTF-8 -Dhttps.protocols=TLSv1.2,TLSv1.1,TLSv1,SSLv3
2. If that doesn't resolve the error, consider the following on the NetApp side:
The connection to a different cluster may be working because the SSLv3 protocol is DISABLED and ONLY TLSv1 is ENABLED.
Working cluster connection (cluster-mode output showing the SSL/TLS configuration):
<cluster_hostname>::> system services web show
External Web Services: true
Status: online
HTTP Protocol Port: 80
HTTPs Protocol Port: 443
TLSv1 Enabled: true
SSLv3 Enabled: false
SSLv2 Enabled: false
SSL FIPS 140-2 Enabled: false
Both clusters were running the same version of ONTAP (8.2.2P2).
For the working cluster above, the customer was NOT getting the same connection error when trying to add a profile to the netapp_ontap probe.
The other cluster was getting the connection error:
Profile failed verification due to error com.netapp.nmsdk.client.ApiProtocolException: Connection error to Storage Systemmhss-<cluster_hostname>: Remote host closed connection during handshake
This is how it is configured; the ONLY difference is that SSLv3 is ENABLED in addition to TLSv1.
<cluster_hostname>::> system services web show
External Web Services: true
Status: online
HTTP Protocol Port: 80
HTTPs Protocol Port: 443
TLSv1 Enabled: true
SSLv3 Enabled: true
SSLv2 Enabled: false
SSL FIPS 140-2 Enabled: false
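As an added example (not part of the original article, the probe, or NetApp tooling), the following Python parses the two `system services web show` outputs above, reports which settings differ between the clusters, and flags SSLv2/SSLv3 when enabled. The sample text is constructed from the outputs in this article, and the function names are hypothetical.

```python
# Added example: compare two captured `system services web show` outputs.
# Sample text is constructed from the outputs shown in this article.
WORKING = """\
<cluster_hostname>::> system services web show
External Web Services: true
Status: online
HTTP Protocol Port: 80
HTTPs Protocol Port: 443
TLSv1 Enabled: true
SSLv3 Enabled: false
SSLv2 Enabled: false
SSL FIPS 140-2 Enabled: false
"""
FAILING = WORKING.replace("SSLv3 Enabled: false", "SSLv3 Enabled: true")

LEGACY = ("SSLv2 Enabled", "SSLv3 Enabled")  # deprecated protocol switches


def parse_web_show(text):
    """Return {field: value} parsed from the command output (hypothetical helper)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blank lines and the echoed CLI prompt line.
        if not line or "::>" in line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().lower()
    return settings


def legacy_enabled(settings):
    """List the SSLv2/SSLv3 fields that are reported as enabled."""
    return [k for k in LEGACY if settings.get(k) == "true"]


def diff_settings(a, b):
    """Fields whose values differ between two clusters: {field: (a, b)}."""
    keys = sorted(set(a) | set(b))
    return {k: (a.get(k), b.get(k)) for k in keys if a.get(k) != b.get(k)}


if __name__ == "__main__":
    ok, bad = parse_web_show(WORKING), parse_web_show(FAILING)
    for field, (w, f) in diff_settings(ok, bad).items():
        print(f"{field}: working={w} failing={f}")
    print("Legacy protocols enabled on failing cluster:", legacy_enabled(bad))
```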
======================================
TLSv1 is more secure than SSLv3 in any case.
https://library.netapp.com/ecmdocs/ECMP1368862/html/GUID-3E07D3F8-6A05-49C0-BF92-9C88BA252E1F.html
There is helpful information here on managing the web protocol engine/SSL for Clustered Data ONTAP 8.2.
https://library.netapp.com/ecm/ecm_download_file/ECMP1636068
In the PDF, see "Managing the web protocol engine".
You may need to discuss with the customer whether or not it's feasible to disable SSLv3 on the non-working cluster.