Re: #fabric #tls TLS handshake error on "exotic" ports whereas network works perfectly fine


Gari Singh <garis@...>
 

The "exotic" ports are ephemeral ports used by a remote client.
Given the address is that of one of your other peers, my guess is that gossip is failing to connect, which would indicate that you have not properly configured TLS in your org's MSP definition in the channel and/or have not properly set the tls.rootcert.file in your peer config.

-----------------------------------------
Gari Singh
Distinguished Engineer, CTO - IBM Blockchain
IBM Middleware
550 King St
Littleton, MA 01460
Cell: 978-846-7499
garis@...
-----------------------------------------

-----fabric@... wrote: -----
To: fabric@...
From: "Jean-Gaël Dominé"
Sent by: fabric@...
Date: 03/02/2020 03:58AM
Subject: [EXTERNAL] [Hyperledger Fabric] #fabric #tls TLS handshake error on "exotic" ports whereas network works perfectly fine

Hi all,

In the logs of my peers, I get a lot of TLS handshake errors similar to this one:

2020-02-27 08:27:53.296 UTC [core.comm] ServerHandshake -> ERRO 07e TLS handshake failed with error remote error: tls: bad certificate server=PeerServer remoteaddress=10.50.134.108:44634
2020-02-27 08:27:53.604 UTC [core.comm] ServerHandshake -> ERRO 07f TLS handshake failed with error remote error: tls: bad certificate server=PeerServer remoteaddress=10.50.134.108:44638
2020-02-27 08:27:54.036 UTC [core.comm] ServerHandshake -> ERRO 080 TLS handshake failed with error remote error: tls: bad certificate server=PeerServer remoteaddress=10.50.134.108:44648

This is an extract from my peer0 of org1. The IP 10.50.134.108 corresponds to my peer1 of org1. But I also get the same kind of errors on peer1-org1 with the IP of peer1-org2.
What I do not understand is:
- What are these ports (on other peers it's in the range of 56000-57000) and where are they defined?
- My network seems to work perfectly (I can query and invoke my chaincode)
Of course I get these errors only when TLS server is enabled in the network.

Thanks for your help

JG
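
Added example, not part of the original thread or of Fabric itself: a small triage script that groups the ServerHandshake errors quoted above by remote IP and checks whether the remote ports fall in the ephemeral range, which is what identifies them as client source ports rather than configured listeners. The ephemeral range used is the Linux default and the IP-to-peer mapping passed in is a hypothetical operator-supplied lookup; both are assumptions.

```python
import re

# Assumption: Linux default net.ipv4.ip_local_port_range (32768-60999);
# check the sysctl on the connecting host.
EPHEMERAL = range(32768, 61000)

HANDSHAKE_RE = re.compile(
    r"^\S+ \S+ UTC \[core\.comm\] ServerHandshake -> ERRO \S+ "
    r"TLS handshake failed with error (?P<err>.+?) "
    r"server=(?P<server>\S+) remoteaddress=(?P<ip>[\d.]+):(?P<port>\d+)",
    re.MULTILINE,
)

# Log lines copied from the original post in this thread.
SAMPLE = """\
2020-02-27 08:27:53.296 UTC [core.comm] ServerHandshake -> ERRO 07e TLS handshake failed with error remote error: tls: bad certificate server=PeerServer remoteaddress=10.50.134.108:44634
2020-02-27 08:27:53.604 UTC [core.comm] ServerHandshake -> ERRO 07f TLS handshake failed with error remote error: tls: bad certificate server=PeerServer remoteaddress=10.50.134.108:44638
2020-02-27 08:27:54.036 UTC [core.comm] ServerHandshake -> ERRO 080 TLS handshake failed with error remote error: tls: bad certificate server=PeerServer remoteaddress=10.50.134.108:44648
"""


def summarize(log_text, known_peers=None):
    """Group TLS handshake failures by the remote IP that opened the connection."""
    known_peers = known_peers or {}
    by_ip = {}
    for m in HANDSHAKE_RE.finditer(log_text):
        ip, port = m["ip"], int(m["port"])
        entry = by_ip.setdefault(ip, {
            "peer": known_peers.get(ip, "unknown"),
            "count": 0, "ports": [], "errors": set(),
        })
        entry["count"] += 1
        entry["ports"].append(port)
        entry["errors"].add(m["err"])
    for entry in by_ip.values():
        # Varying ports inside the ephemeral range are client source ports,
        # not listeners defined in any Fabric configuration.
        entry["all_ephemeral"] = all(p in EPHEMERAL for p in entry["ports"])
        entry["errors"] = sorted(entry["errors"])
    return by_ip


if __name__ == "__main__":
    # Hypothetical mapping; the post identifies this IP as peer1 of org1.
    for ip, e in summarize(SAMPLE, {"10.50.134.108": "peer1-org1"}).items():
        kind = "ephemeral source ports" if e["all_ephemeral"] else "check ports"
        print(ip, e["peer"], e["count"], e["errors"], kind)
```

The peer named for each remote IP is the one whose outbound connection is failing, so its tls.rootcert.file and the TLS root certificates in its org's MSP definition in the channel are the settings to check first.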
