[Box Backup] TLSHandshakeFailed: Possible other solution, than creating new CA?
Chris Wilson
chris at qwirx.com
Sun Jan 5 15:01:43 GMT 2014
Hi Pascal,
On Sun, 5 Jan 2014, Pascal Schrafl wrote:
> I'm getting the TLSHandshakeFailed error when I try to connect my Box
> Backup client to the Box Backup server. According to the Troubleshooting
> Wiki, the solution is to create a new CA on the server. Unfortunately, we
> have many other clients that are backed up to that server, and creating
> the new CA will invalidate their backed up data.
Creating a new CA does not invalidate anyone's backed up data. However, you
would need to distribute new certificates to all clients.
> The server CA is rather old (created in 2004).
Could the certificate possibly have expired? If so, all logins from all
clients would be failing. Is that happening?
> Is there any other solution to fix the TLSHandshakeFailed issue without
> creating a new CA, so that the old backup data can be kept? Thanks a
> lot for your help and best regards,
If your CA works for at least some clients, then you certainly don't need
to create a new one. However, we need much more information from you to
help understand and solve the problem.
If necessary, we could add support for multiple client CA certificates to
the Box Backup server, to allow client CA rollover to be handled
gracefully. Server CA rollover would still be an issue requiring an
upgrade of all clients when it happens.
We might also want to look at the default lifetime of signed certificates,
and help admins to prepare for and distribute new certificates in good
time.
Looking at other problem reports, you may be able to get an error message
like this one, for example by using the bbackupquery command on your
failing client:
> Nov 5 16:22:33 aker bbstored[3432]: Incoming connection from
> 131.155.237.160 port 32806 (handling in child 3936)
>
> Nov 5 16:22:34 aker bbstored[3936]: SSL err during Accept:
> error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate
> returned
>
> Nov 5 16:22:34 aker bbstored[3936]: in server child, exception
> Connection TLSHandshakeFailed (7/30) -- terminating child
Or on the server:
> Nov 5 16:45:12 aker bbstored[3432]: Incoming connection from
> 131.155.237.160 port 32822 (handling in child 3963)
>
> Nov 5 16:45:14 aker bbstored[3963]: SSL err during Accept:
> error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
>
> Nov 5 16:45:14 aker bbstored[3963]: in server child, exception
> Connection TLSHandshakeFailed (7/30) -- terminating child
The messages before "TLSHandshakeFailed" are most important in diagnosing
the problem.
Also, what version of Box Backup are you running, and where did you get it
from?
Cheers, Chris.
--
_____ __ _
\ __/ / ,__(_)_ | Chris Wilson <chris+sig at qwirx.com> Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Ruby/Perl/SQL Developer |
\__/_/_/_//_/___/ | We are GNU : free your mind & your software |
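Added example, not part of the original message or of Box Backup itself: a small Python parser that pairs each TLSHandshakeFailed line in a bbstored syslog with the OpenSSL error logged just before it by the same child process, and with the peer address the parent logged for that child. The function name and the SAMPLE list are assumptions made for this illustration; SAMPLE holds the log lines quoted in the message above, with the mail line-wrapping undone.

```python
import re

# syslog prefix: "Nov 5 16:22:34 aker bbstored[3936]: <message>"
LINE = re.compile(r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ bbstored\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# The parent process logs which child PID handles which peer.
CHILD = re.compile(r"Incoming connection from (?P<ip>\S+) port \d+ \(handling in child (?P<child>\d+)\)")
# OpenSSL error string: error:<code>:<library>:<function>:<reason>
SSLERR = re.compile(r"error:(?P<code>[0-9A-Fa-f]+):[^:]*:(?P<func>[^:]*):(?P<reason>.+)$")

# Log lines from the message above, unwrapped (not new data).
SAMPLE = [
    "Nov 5 16:22:33 aker bbstored[3432]: Incoming connection from 131.155.237.160 port 32806 (handling in child 3936)",
    "Nov 5 16:22:34 aker bbstored[3936]: SSL err during Accept: error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned",
    "Nov 5 16:22:34 aker bbstored[3936]: in server child, exception Connection TLSHandshakeFailed (7/30) -- terminating child",
    "Nov 5 16:45:12 aker bbstored[3432]: Incoming connection from 131.155.237.160 port 32822 (handling in child 3963)",
    "Nov 5 16:45:14 aker bbstored[3963]: SSL err during Accept: error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number",
    "Nov 5 16:45:14 aker bbstored[3963]: in server child, exception Connection TLSHandshakeFailed (7/30) -- terminating child",
]

def handshake_failures(lines):
    """Return one record per TLSHandshakeFailed, with the preceding SSL error."""
    peer, last_err, out = {}, {}, []
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a bbstored syslog line
        pid, msg = m["pid"], m["msg"]
        c = CHILD.search(msg)
        if c:
            peer[c["child"]] = c["ip"]  # keyed by the child's PID, not the parent's
            continue
        e = SSLERR.search(msg)
        if e:
            last_err[pid] = e  # remember the most recent SSL error per child
            continue
        if "TLSHandshakeFailed" in msg:
            e = last_err.pop(pid, None)  # None if no SSL error was logged first
            out.append({
                "time": m["ts"], "child": pid, "peer": peer.pop(pid, None),
                "function": e["func"] if e else None,
                "reason": e["reason"] if e else None,
            })
    return out

if __name__ == "__main__":
    for f in handshake_failures(SAMPLE):
        print(f"{f['time']} peer={f['peer']} child={f['child']} "
              f"{f['function']}: {f['reason']}")
```

Grouping the output by reason and peer shows whether every client fails the same way or only one does, which is the distinction the message asks about.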