Kubernetes SSL error, ssl3_get_record:wrong version number
Hi,
I'm trying to activate our SSL certificate to work with Kubernetes Ingress, but are having a wrong version error
this is the log of the answer to the curl test call:
- Trying xx.xx.xx.xx:443…
- TCP_NODELAY set
- Connected to sample.mysite.com (xx.xx.xx.xx) port 443 (#0)
- ALPN, offering h2
- ALPN, offering http/1.1
- successfully set certificate verify locations:
- CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs - TLSv1.3 (OUT), TLS handshake, Client hello (1):
- error:1408F10B:SSL routines:ssl3_get_record:wrong version number
- Closing connection 0
any ideas?
the certificate works well when using it without Kubernetes
1 Reply
jdutton
Linode Staff
This could potentially just be a misconfiguration of the Ingress. Here's a link to a similar NGINX-Ingress issue from the Kubernetes git:
SSL setup fails with: CONNECT_CR_SRVR_HELLO:wrong version number
For reference, the issue in that post^^ ended up being a tiny typo in the Ingress container config. Always worth checking. :)
Additionally, you can annotate your service to bypass kube-proxy's rerouting of in-cluster requests intended for the external LoadBalancer: