Incorrect MTU size in the network prevents TLS traffic in RHOCP 4

Solution Verified - Updated -

Issue

  • It is possible to access the Web Console from some networks but not from others.
  • A TCP connection can be established with the HAProxy, but no TLS handshake takes place.
  • The Server Hello does not reach the client, which prevents the OpenShift IngressVIP from working as expected.
  • HTTPS connectivity does not work between hosts after the TCP connection is established.
  • NooBaa times out trying to find the object in its datastore.
  • When testing an HTTPS connection with curl, the connection times out after the Client hello:

    $ curl -kvs https://10.0.0.1
    *   Trying 10.0.0.1:443...
    * Connected to 10.0.0.1 (10.0.0.1) port 443 (#0)
    * ALPN, offering h2
    * ALPN, offering http/1.1
    *  CAfile: /etc/pki/tls/certs/ca-bundle.crt
    * TLSv1.0 (OUT), TLS header, Certificate Status (22):
    * TLSv1.3 (OUT), TLS handshake, Client hello (1):
    
  • The curl command returns the error: curl: (35) schannel: failed to receive handshake, SSL/TLS connection failed.

Environment

  • Red Hat OpenShift Container Platform (RHOCP) 4
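
The symptoms above (TCP connects, Client hello is sent, Server Hello never arrives) can be checked against the path MTU with Don't Fragment pings. The script below is an added example, not part of the original Red Hat solution; it assumes IPv4, Linux iputils ping and a target that answers ICMP echo, and the function names and the PROBE override are hypothetical.

```shell
#!/bin/sh
# Added example: binary-search the largest packet that crosses the path
# unfragmented. Usage (script name is hypothetical): sh pmtu.sh 10.0.0.1 1500

# probe SIZE HOST: succeed if a DF-flagged echo with SIZE payload bytes is answered.
# iputils ping: -M do = set Don't Fragment, -s = payload bytes, -W = timeout (s).
probe() {
    ping -M do -c 1 -W 1 -s "$1" "$2" >/dev/null 2>&1
}

# path_mtu HOST [LOCAL_MTU]: print the path MTU in bytes, or 0 if even a
# minimum-size packet gets no reply (then the problem is not the MTU).
# Set PROBE to another function name to replace the real ping (for testing).
path_mtu() {
    host=$1
    lo=40                          # 68-byte IPv4 minimum MTU minus 28
    hi=$(( ${2:-1500} - 28 ))      # 20-byte IPv4 header + 8-byte ICMP header
    "${PROBE:-probe}" "$lo" "$host" || { echo 0; return 1; }
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( ($lo + $hi + 1) / 2 ))
        if "${PROBE:-probe}" "$mid" "$host"; then
            lo=$mid                # this size passed, try larger
        else
            hi=$(( mid - 1 ))      # dropped or "message too long", try smaller
        fi
    done
    echo $(( lo + 28 ))
}

# check_path HOST LOCAL_MTU: compare the measured path MTU with the interface MTU.
check_path() {
    found=$(path_mtu "$1" "$2") || { echo "unreachable: no reply to small packets"; return 2; }
    if [ "$found" -lt "$2" ]; then
        echo "mismatch: path carries $found bytes, interface MTU is $2"
        return 1
    fi
    echo "ok: path carries full $2-byte packets"
}

if [ $# -ge 1 ]; then
    check_path "$1" "${2:-1500}"
fi
```

A "mismatch" result means packets as large as the interface MTU, such as the segments carrying the Server Hello and certificates, are dropped on the path while the small TCP handshake and Client hello packets pass.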
