Problem with Minio SSL

After a couple of hours of looking around I am kind of stuck. I can access my Minio server via web browser with a green lock. I was able to get CloudBerry to work without SSL, but when I enable SSL I get the following message: “The request was aborted: Could not create SSL/TLS secure channel”. Any suggestions?

Hi Jacky,

I have investigated this a little bit.
The issue depends on the server and client cipher suites. The same version should be allowed/available on both sides, otherwise the TLS channel will not be established.

I have looked at Minio on a Windows Server 2008 installation.
These ciphers are available by default.
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

And these only in case the elliptic curve method is used for generating the certificate.
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

If you use a self-signed SSL certificate, you can regenerate it with the elliptic curve method.
Probably you can also ask for such a certificate from the public authority.

Windows 7 client.
We use the native client and there are only ECDSA AES-GCM ciphers in common.
No updates available for extending the list.
Browsers (Chrome and Firefox) use ChaCha20-Poly1305 ciphers, that are not included in windows client.
Known workaround for Windows 7 - update minio server certificate.

Windows 10 client
RSA authentication method available, so everything will run smoothly.

Please tell me what your environment is (server/client).
Probably there is an easy way to extend the list of ciphers on the Minio server side; I haven’t looked yet.
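The mismatch described in the reply above can be reproduced in-process with Go's crypto/tls (Minio is written in Go). This is an added example, not part of the thread and not Minio's code; the client suite list mirrors what the reply reports for the Windows 7 native client, and the function name and throwaway certificates are assumptions.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// Suites the thread says the Windows 7 native client has in common with Minio.
var win7Suites = []uint16{tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384}

// Handshake gives an in-memory TLS server a throwaway self-signed certificate
// (ECDSA P-256 or RSA 2048) and connects a TLS 1.2 client limited to win7Suites.
func Handshake(ecdsaCert bool) error {
	var key crypto.Signer
	var err error
	if ecdsaCert {
		key, err = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	} else {
		key, err = rsa.GenerateKey(rand.Reader, 2048)
	}
	if err != nil {
		return err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return err
	}
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
	cp, sp := net.Pipe() // no network: both ends live in this process
	defer cp.Close()
	srv := tls.Server(sp, &tls.Config{Certificates: []tls.Certificate{cert}})
	go func() { srv.Handshake(); sp.Close() }()
	// InsecureSkipVerify: constructed test certificate, only suite negotiation is tested.
	cfg := &tls.Config{InsecureSkipVerify: true, MaxVersion: tls.VersionTLS12, CipherSuites: win7Suites}
	return tls.Client(cp, cfg).Handshake()
}

func main() {
	fmt.Println("RSA certificate:  ", Handshake(false))
	fmt.Println("ECDSA certificate:", Handshake(true))
}
```

With the RSA certificate the client receives a handshake failure alert because no offered suite matches the server's key type; with the ECDSA certificate the handshake completes.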

Currently I am testing the Minio server on Windows 7 with an SSL certificate extracted from IIS 2012 R2. So far the only client that I have tested is Windows 7. I need to use Minio as storage on 7, 8, 10, 2012 R2 and Mac OS. I will report back once I have a chance to test the new certificate.

[reply=“Andrey;247”] My Minio tests did not have any success, with HTTP and HTTPS as well. #165929

[reply=“Stratos Misinezis;264”] Were you able to log in via the web?

The error is gone after switching the SSL certificate to ECDSA. Getting the certificate from a public authority was the hardest part. Namecheap was the cheapest that offers ECDSA.

[reply=“Andrey;247”] Is there another known problem with Minio on Mac? It works fine on Windows 7 and 8 but I am getting “unknown operation (http) error”. CBB was able to create the bucket but nothing else.

[reply=“Jacky;276”] I am able to log in via HTTP and upload files to a folder manually. But using CBB, although the plan works OK, nothing is uploaded. I have not used SSL at all. I have tried on W2012 Server and W7 with the same results.

[reply=“Stratos Misinezis;279”] Did you disable SSL on CBB? It is under the Advanced tab.

[reply=“Andrey;247”] [quote=“Jacky;278”]It works fine on windows 7 and 8 but i am getting “unknown operation (http) error”.[/quote] The error code was happening on Mac OS only. Everything works as expected on Windows 7 and 8, but I haven’t had time to test it on 2012 and 10. This is what I found in the log on Mac OS.

Content-Length: 2152176
Content-Type: binary/octet-stream
User-Agent: CloudBerry Backup (2.4) (http://www.cloudberrylab.com/)
x-amz-content-sha256: 9cccaf1830c212bb803e648d448fc196f4b14d2b5fe62926dc38203253d19fe3
x-amz-date: 20180318T042950Z
x-amz-meta-cb-encryptioninfo: 1;2153568;AES;256;ggszou4+tIJg00XNqo4kSQ==;;GZip;0
x-amz-meta-cb-unix-permissons: 384
Expect: 100-continue
Done waiting for 100-continue
HTTP/1.1 500 Internal Server Error

Accept-Ranges: bytes
Content-Type: application/xml
Server: Minio/RELEASE.2018-03-16T22-52-12Z (windows; amd64)
Vary: Origin
X-Amz-Request-Id: 151CE98FCDD32A70
Date: Sun, 18 Mar 2018 04:32:58 GMT
Connection: close
Transfer-Encoding: chunked

we are done reading and this is set to close, stop send
Closing connection 0
TLSv1.2 (OUT), TLS alert, Client hello (1):

[reply=“Andrey;247”] So we should request an ECDSA certificate from the authority then? This is done in the CSR step?

[reply=“Jacky;280”] Yes, I did as the CBB guys asked me to do, but no success.

[reply=“Martijn V;295”] Your private key should be generated with an elliptic curve. This is prior to the CSR step.

[reply=“Andrey;300”] Thanks! Using an Elliptic Curve (ECDSA) key/cert pair fixes the issue I had with Windows 7 and Minio. Will do some more testing on the current releases and hopefully catch up with them again.

[reply=“Martijn V;348”] Hi Martijn, I am facing the same issue and am desperate for a solution. Did you get it working by purchasing an SSL certificate from namecheap.com? I found there are 13 different SSL certificate purchase options on namecheap.com. May I ask which one you purchased? Thanks!

I bought my certificate with a local reseller selling Comodo PremiumSSL certificates. However, you do generate the EC private key yourself I assume. That will in turn generate a CSR with EC and you’ll provide only the CSR to the SSL vendor.

I meant a PositiveSSL.
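The order of steps given in the replies above (EC private key first, then a CSR generated from it, with only the CSR going to the vendor) looks like this with Go's standard library. This is an added example, not code from the thread; the function names and the host name `minio.example.test` are assumptions, and the curve P-256 is chosen here because the thread does not name one.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
)

// NewECCSR generates a P-256 private key first, then a CSR signed with it.
// Only the CSR PEM goes to the certificate vendor; the key stays on the server.
func NewECCSR(host string) (*ecdsa.PrivateKey, []byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: host}, DNSNames: []string{host}}
	csrDER, err := x509.CreateCertificateRequest(rand.Reader, tmpl, key)
	if err != nil {
		return nil, nil, err
	}
	csrPEM := pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: csrDER})
	return key, csrPEM, nil
}

// CSRKeyAlgorithm parses a PEM CSR, verifies its self-signature and returns the
// public key algorithm, so an RSA request is caught before it is submitted.
func CSRKeyAlgorithm(csrPEM []byte) (string, error) {
	block, _ := pem.Decode(csrPEM)
	if block == nil || block.Type != "CERTIFICATE REQUEST" {
		return "", errors.New("not a PEM certificate request")
	}
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil {
		return "", err
	}
	if err := csr.CheckSignature(); err != nil {
		return "", err
	}
	return csr.PublicKeyAlgorithm.String(), nil
}

func main() {
	_, csr, _ := NewECCSR("minio.example.test") // hypothetical host name
	fmt.Println(CSRKeyAlgorithm(csr))
}
```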

Hi. I want to run CBB on Mac OS X 10.11.6 and back up to a remote Minio server on Linux. I want to set up encryption, but based on the above there seem to be issues with encryption for CBB/Mac backing up to Minio. I would be interested to hear back from anyone who has succeeded in enabling encryption in that setup. Thanks.