Service Mesh HTTPS outbound traffic failing in OpenShift 4

Solution Verified - Updated -

Issue

  • HTTPS calls to an external system fail because of the port name of a service.
  • If a service with a wrong port name exists, the entire mesh cannot establish HTTPS outbound connections.
  • Outbound traffic fails from OpenShift Service Mesh:

    $ oc exec -it ratings-v1-76b8c9cbf9-xxvd6 -n bookinfo -- curl -kLIso /dev/null -vvv https://redhat.com
    Defaulted container "ratings" out of: ratings, istio-proxy
    * Rebuilt URL to: https://redhat.com/
    *   Trying 209.132.183.105...
    * TCP_NODELAY set
    * Connected to redhat.com (209.132.183.105) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
    * error setting certificate verify locations, continuing anyway:
    *   CAfile: /etc/ssl/certs/ca-certificates.crt
      CApath: /etc/ssl/certs
    * TLSv1.2 (OUT), TLS header, Certificate Status (22):
    } [5 bytes data]
    * TLSv1.2 (OUT), TLS handshake, Client hello (1):
    } [512 bytes data]
    * error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
    * Curl_http_done: called premature == 1
    * stopped the pause stream!
    * Closing connection 0
    command terminated with exit code 35
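
One way to look for the condition described above, as an added example that is not Red Hat's procedure or part of the original article. It assumes the "wrong port name" is a plaintext Istio protocol prefix (`http`, `http2`, `grpc`) on port 443, and it reads JSON in the shape produced by `oc get svc --all-namespaces -o json`; the sample services are constructed.

```python
import json

# Istio infers a Service port's protocol from its name: <protocol>[-<suffix>].
# These prefixes make the sidecar treat the port as plaintext HTTP/gRPC.
PLAINTEXT_PREFIXES = ("http", "http2", "grpc")
TLS_PORTS = {443}  # assumption: ports used for outbound HTTPS from the mesh


def is_plaintext_name(port_name):
    """True when the port name declares a plaintext protocol to Istio."""
    name = (port_name or "").lower()
    return any(name == p or name.startswith(p + "-") for p in PLAINTEXT_PREFIXES)


def find_conflicts(service_list):
    """Return (namespace, service, port name, port) for each suspect port."""
    hits = []
    for svc in service_list.get("items", []):
        meta = svc.get("metadata", {})
        for port in svc.get("spec", {}).get("ports", []):
            if port.get("port") in TLS_PORTS and is_plaintext_name(port.get("name")):
                hits.append((meta.get("namespace"), meta.get("name"),
                             port.get("name"), port.get("port")))
    return hits


def _svc(namespace, name, ports):
    # Helper that builds a constructed Service object for the sample below.
    return {"metadata": {"namespace": namespace, "name": name},
            "spec": {"ports": [{"name": n, "port": p} for n, p in ports]}}


# Constructed sample in the shape of `oc get svc --all-namespaces -o json`.
SAMPLE = json.dumps({"items": [
    _svc("bookinfo", "ratings", [("http", 9080)]),
    _svc("demo", "legacy-api", [("http-api", 443)]),   # flagged
    _svc("demo", "gateway", [("https", 443), ("tcp-admin", 8443)]),
    _svc("demo", "unnamed", [(None, 443)]),
]})

if __name__ == "__main__":
    for ns, svc, pname, pnum in find_conflicts(json.loads(SAMPLE)):
        print(f"{ns}/{svc}: port {pnum} is named {pname!r}")
```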
    

Environment

  • Red Hat OpenShift Container Platform (RHOCP)
    • 4
  • Red Hat OpenShift Service Mesh (OSSM)
    • 2
