Seeing the following error when trying to connect to a netapp appliance:
[attach_socket, netapp_ontap] netapp_ontapNetAppSessionValidating connection for host
[attach_socket, netapp_ontap] cbVerifyCtdResource failed
[attach_socket, netapp_ontap] com.netapp.nmsdk.client.ApiProtocolException: Connection error to Storage System <systemname>: Remote host closed connection during handshake
Version: UIM 8.5.1 or higher
Component: netapp v1.40 or higher, netapp ONTAP (8.2.2P2)
1. Via Raw Configuration on the probe please change the options line under startup to:
options = -Xms32m -Xmx1024m -Dfile.encoding=UTF-8 -Dhttps.protocols=TLSv1.2,TLSv1.1,TLSv1,SSLv3
2. If that doesn't resolve the error/issue consider the following in netapp:
...The connection to a different cluster may be working because SSLv3 protocol is DISABLED, AND ONLY TLSv1 is ENABLED
Working cluster connection... (cluster mode configuration showing SSL/TLS configuration)
<cluster_hostname>::> system services web show
External Web Services: true
Status: online
HTTP Protocol Port: 80
HTTPs Protocol Port: 443
TLSv1 Enabled: true
SSLv3 Enabled: false
SSLv2 Enabled: false
SSL FIPS 140-2 Enabled: false
Both clusters were running the same version of ONTAP (8.2.2P2).
Customer was NOT getting the same connection error when trying to add a profile to the netapp_ontap probe
The other cluster, was getting the connection error:
Profile failed verification due to error com.netapp.nmsdk.client.ApiProtocolException: Connection error to Storage Systemmhss-<cluster_hostname>: Remote host closed connection during handshake
And this is how it is configured, showing the ONLY difference being that both SSLv3 is ENABLED and so is TLSv1.
<cluster_hostname>::> system services web show
External Web Services: true
Status: online
HTTP Protocol Port: 80
HTTPs Protocol Port: 443
TLSv1 Enabled: true
SSLv3 Enabled: true
SSLv2 Enabled: false
SSL FIPS 140-2 Enabled: false
======================================
TLSv1 is more secure than SSLv3 in any case.
https://library.netapp.com/ecmdocs/ECMP1368862/html/GUID-3E07D3F8-6A05-49C0-BF92-9C88BA252E1F.html
There is helpful information on managing the web protocol engine/SSL for Clustered Data ONTAP 8.2.
In the pdf check out "Managing the web protocol engine"
You may need to discuss with the customer whether or not its feasible to disable SSLv3 on the non-working cluster.