Bug #16716

closed

5.0.15 and lower agents can not update when managed by a 6.0+ server or relay

Added by Félix DALLIDET about 4 years ago. Updated about 4 years ago.

Status: Released
Priority: N/A
Category: Security
Target version:
Severity: Major - prevents use of part of Rudder | no simple workaround
UX impact:
User visibility:
Effort required:
Priority: 0
Name check: Reviewed
Fix check: To do
Regression:

Description

When trying to update a node I got the following error:

root@bob:~# rudder agent update
   error: Failed to establish TLS connection: (-1 SSL_ERROR_SSL) tlsv1 alert protocol version 
   error: No suitable server found
R: *********************************************************************************
* rudder-agent could not get an updated configuration from the policy server.   *
* This can be caused by:                                                        *
*   * an agent key that has been changed                                        *
*   * if this node is not accepted or deleted node on the Rudder root server    *
*   * if this node has changed policy server without sending a new inventory    *
* Any existing configuration policy will continue to be applied without change. *
*********************************************************************************
error: Rudder agent promises could not be updated.

This comes from a bad TLS version setting in the cf-agent. It seems to be well configured on the agent, but when
capturing a TLS handshake there is a mismatch in the TLS version used.
For some reason the TLS version is set to 1.0 when the config forces 1.2.

It may be related to https://github.com/cfengine/core/pull/3684/files.
Upgrading to 5.0.16+, which brings a more recent version of cfengine, fixes the problem and correctly forces the TLS version to 1.2+.
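
A way to confirm the mismatch described above from a captured handshake, as an added example that is not part of the original report or of Rudder/CFEngine code: it reads the version the client actually offers in its ClientHello and checks for the server's fatal protocol_version alert (the "tlsv1 alert protocol version" in the error output). The function names and the sample bytes are constructed for illustration, and it assumes a pre-TLS 1.3 client that does not send the supported_versions extension.

```python
import struct

VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
HANDSHAKE, ALERT, CLIENT_HELLO = 22, 21, 1   # record types, handshake message type
ALERT_PROTOCOL_VERSION = 70                  # alert description "protocol_version"

def records(stream: bytes):
    """Yield (content_type, record_version, payload) for each TLS record."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, version, length = struct.unpack_from("!BHH", stream, pos)
        payload = stream[pos + 5:pos + 5 + length]
        if len(payload) < length:
            raise ValueError("truncated TLS record")
        yield ctype, version, payload
        pos += 5 + length

def client_hello_version(stream: bytes):
    """Return the client_version field of the first ClientHello, or None."""
    for ctype, _, payload in records(stream):
        if ctype == HANDSHAKE and len(payload) >= 6 and payload[0] == CLIENT_HELLO:
            return struct.unpack_from("!H", payload, 4)[0]  # after 4-byte handshake header
    return None

def fatal_alerts(stream: bytes):
    """Return the description codes of unencrypted fatal alerts (level 2)."""
    return [p[1] for t, _, p in records(stream) if t == ALERT and len(p) == 2 and p[0] == 2]

def diagnose(client_bytes: bytes, server_bytes: bytes, configured_min: int) -> str:
    """Compare the version offered on the wire with the configured minimum."""
    offered = client_hello_version(client_bytes)
    if offered is None:
        return "no ClientHello found"
    name = VERSIONS.get(offered, hex(offered))
    if offered >= configured_min:
        return f"ok: client offered {name}"
    rejected = ALERT_PROTOCOL_VERSION in fatal_alerts(server_bytes)
    wanted = VERSIONS.get(configured_min, hex(configured_min))
    return f"mismatch: client offered {name}, config requires {wanted}, server rejected: {rejected}"

# Constructed sample capture: a ClientHello offering TLS 1.0, then the server's alert.
_body = struct.pack("!H", 0x0301) + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
_hs = bytes([CLIENT_HELLO]) + len(_body).to_bytes(3, "big") + _body
SAMPLE_CLIENT = struct.pack("!BHH", HANDSHAKE, 0x0301, len(_hs)) + _hs
SAMPLE_SERVER = struct.pack("!BHH", ALERT, 0x0303, 2) + bytes([2, ALERT_PROTOCOL_VERSION])

if __name__ == "__main__":
    print(diagnose(SAMPLE_CLIENT, SAMPLE_SERVER, 0x0303))
```
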
