• Jacky
    0
    After a couple of hours of looking around I am kind of stuck. I can access my minio server via web browser with a green lock. I was able to get CloudBerry to work without SSL, but when I enable SSL I got the following message: "The request was aborted: Could not create SSL/TLS secure channel". Any suggestions?

  • Andrey (Accepted Answer)
    6
    Hi Jacky,

    I have investigated this a little bit.
    The issue depends on server and client cipher suites. The same version should be allowed/available on both sides, otherwise the TLS channel will not be established.

    I have looked at minio on a Windows Server 2008 installation.
    These ciphers are available by default.
    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

    And these only in case the elliptic curve method is used for generating the certificate.
    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
    If you use a self-signed SSL certificate, you can regenerate it with the elliptic curve method.
    Probably you can also ask for such a certificate from the public authority.

    Windows 7 client.
    We use the native client and there are only ECDSA AES-GCM ciphers in common.
    No updates available for extending the list.
    Browsers (Chrome and Firefox) use ChaCha20-Poly1305 ciphers, that are not included in windows client.
    Known workaround for Windows 7 - update minio server certificate.

    Windows 10 client
    RSA authentication method available, so everything will run smoothly.

    Please tell me what your environment is (server/client).
    Probably there is an easy way to extend the list of ciphers on the minio server side, I haven't looked yet.
  • Jacky
    0
    Currently I am testing the minio server on Windows 7 with an SSL extracted from IIS 2012 R2. So far the only client that I have tested is Windows 7. Need to use minio as storage on 7, 8, 10, 2012 R2 and Mac OS. I will report back once I have a chance to test the new certificate.
  • Stratos Misinezis
    4
    My minio tests did not have any success, with http and https as well. #165929
  • Jacky
    0
    Were you able to log in via the web?
  • Jacky
    0
    The error is gone after switching the SSL to ECDSA. Getting the certificate from a public authority was the hardest. Namecheap was the cheapest that offers ECDSA.
  • Jacky
    0
    Is there another known problem with minio on Mac? It works fine on Windows 7 and 8 but I am getting "unknown operation (http) error". CBB was able to create the bucket but nothing else.
  • Stratos Misinezis
    4
    I am able to log in via http and upload files manually to a folder. But using CBB, although the plan works OK, nothing is uploaded. I have not used SSL at all. I have tried on W2012 Server and W7 with the same results.
  • Jacky
    0
    Did you disable SSL on CBB? It is under the Advanced tab.
  • Jacky
    0
    Jacky: It works fine on Windows 7 and 8 but I am getting "unknown operation (http) error".
    The error code was happening on Mac OS only. Everything works as expected on Windows 7 and 8 but I haven't had time to test it on 2012 and 10. This is what I found in the log on Mac OS.

    Content-Length: 2152176
    Content-Type: binary/octet-stream
    User-Agent: CloudBerry Backup (2.4) (http://www.cloudberrylab.com/)
    x-amz-content-sha256: 9cccaf1830c212bb803e648d448fc196f4b14d2b5fe62926dc38203253d19fe3
    x-amz-date: 20180318T042950Z
    x-amz-meta-cb-encryptioninfo: 1;2153568;AES;256;ggszou4+tIJg00XNqo4kSQ==;;GZip;0
    x-amz-meta-cb-unix-permissons: 384
    Expect: 100-continue
    Done waiting for 100-continue
    HTTP/1.1 500 Internal Server Error

    Accept-Ranges: bytes
    Content-Type: application/xml
    Server: Minio/RELEASE.2018-03-16T22-52-12Z (windows; amd64)
    Vary: Origin
    X-Amz-Request-Id: 151CE98FCDD32A70
    Date: Sun, 18 Mar 2018 04:32:58 GMT
    Connection: close
    Transfer-Encoding: chunked

    we are done reading and this is set to close, stop send
    Closing connection 0
    TLSv1.2 (OUT), TLS alert, Client hello (1):
  • Martijn V
    5
    So we should request an ECDSA certificate from the authority then? This is done in the CSR step?
  • Stratos Misinezis
    4
    Yes, I did as the CBB guys asked me to do but no success.
  • Andrey
    6
    Your private key should be generated with elliptic curve. This is prior to the CSR step.
  • Martijn V
    5
    Thanks! Using an Elliptic Curve (ECDSA) key/cert pair fixes the issue I had with Windows 7 and Minio. Will do some more testing on the current releases and hopefully catch up with them again.
  • Ian Yin
    0
    Hi Martijn, I am facing the same issue and desperate for a solution. Did you get it working by purchasing an SSL certificate from namecheap.com? I found there are 13 different SSL certificate purchase options on namecheap.com. May I ask which one you purchased? Thanks!
  • Martijn V
    5
    I bought my certificate with a local reseller selling Comodo PremiumSSL certificates. However, you do generate the EC private key yourself I assume. That will in turn generate a CSR with EC and you'll provide only the CSR to the SSL vendor.
  • Martijn V
    5
    I meant a PositiveSSL.
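
The order described in the replies above (EC private key first, then a CSR from that key, with only the CSR going to the certificate vendor) can be scripted with the OpenSSL command line. This is an added example, not part of the original thread or of Minio/CloudBerry; the curve choice (prime256v1), the file names, the function names and the host name passed in are assumptions.

```shell
#!/usr/bin/env bash
# Added example: produce an ECDSA key and CSR, check what kind of key a
# CSR or certificate carries, and probe a server the way a client limited
# to ECDSA AES-GCM suites would. Function and file names are this example's own.

# make_ec_csr <out_dir> <common_name>
make_ec_csr() {
    mkdir -p "$1" || return 1
    # Step 1: the private key, on the P-256 curve (assumed choice).
    openssl ecparam -name prime256v1 -genkey -noout \
        -out "$1/private.key" || return 1
    chmod 600 "$1/private.key"
    # Step 2: the CSR, signed by that key. Only this file leaves the host.
    openssl req -new -sha256 -key "$1/private.key" \
        -subj "/CN=$2" -out "$1/server.csr" || return 1
}

# make_self_signed <out_dir> <common_name>: test certificate from the same key.
make_self_signed() {
    openssl req -x509 -new -sha256 -days 365 -key "$1/private.key" \
        -subj "/CN=$2" -out "$1/public.crt"
}

# pem_key_type <req|x509> <file>: prints EC, RSA or unknown.
# Run it on the CSR before submitting and on the certificate you get back.
pem_key_type() {
    pem_text=$(openssl "$1" -in "$2" -noout -text) || return 1
    case $pem_text in
        *id-ecPublicKey*) echo EC ;;
        *rsaEncryption*)  echo RSA ;;
        *)                echo unknown ;;
    esac
}

# probe_ecdsa_gcm <host:port>: exit status 0 only if the server completes a
# TLS 1.2 handshake when offered nothing but the two ECDSA AES-GCM suites.
probe_ecdsa_gcm() {
    openssl s_client -connect "$1" -tls1_2 \
        -cipher 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384' \
        </dev/null >/dev/null 2>&1
}
```

A server still presenting an RSA certificate makes `probe_ecdsa_gcm` return non-zero, which matches the handshake failure reported for the Windows 7 client in this thread.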
  • zefoto
    0
    Hi. I want to run CBB on Mac OS X 10.11.6 and back up to a remote Minio server on Linux. I want to set up encryption but based on the above there seem to be issues with encryption for CBB/Mac backing up to Minio. I would be interested to hear back from anyone who has succeeded in enabling encryption in that setup. Thanks.