Plugins » Discovery

L W wrote:

The foreman discovery image is unable to create host in foreman if TLS 1.3 is enabled on the foreman apache webserver. Wer are running the lastest fdi image version 3.5.7

The apache error message:
[...]

After explicitly disabling¹ TLS 1.3 in de mod ssl confiuration everything works as expected.

This might be due to outdated ruby openssl library and has been fixed in a future release: https://github.com/ruby/openssl/pull/239/commits/7348165c5024771af1758fdb1bfc222e9277f4bb
[...]

Just let me know if you need any further information.

[1] mod ssl tls 1.3 disabled
[...]

Is nobody else running into this issue?

Lukas Zapletal wrote:

Hello, FDI uses CentOS7 ruby. Can you test with the latest CentOS7 with its Ruby 2.0? If new update does not fix this you need to ask CentOS or Red Hat to backport this into Ruby 2.0 or OpenSSL.

Hi, thank you for your reply. We are already using the lastest version of the fdi 3.5.7 (https://downloads.theforeman.org/discovery/releases/latest/) or should I build it by myself as mentioned here: https://github.com/theforeman/foreman-discovery-image#building ?

Thank you in advance.

Just verified it with latest FDI version 3.7.3 - still not working. apache error shows:

[Tue Feb 09 13:53:47.530618 2021] [ssl:error] [pid 27256:tid 140680739399424] [client 10.10.10.10:58182] AH: verify client post handshake
[Tue Feb 09 13:53:47.530650 2021] [ssl:error] [pid 27256:tid 140680739399424] [client 10.10.10.10:58182] AH10158: cannot perform post-handshake authentication
[Tue Feb 09 13:53:47.530671 2021] [ssl:error] [pid 27256:tid 140680739399424] SSL Library Error: error:14268117:SSL routines:SSL_verify_client_post_handshake:extension not received