Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

grpc: Handshake failed with fatal error SSL_ERROR_SSL: #3202

Open
jmvizcainoio opened this issue May 17, 2024 · 2 comments
Open

grpc: Handshake failed with fatal error SSL_ERROR_SSL: #3202

jmvizcainoio opened this issue May 17, 2024 · 2 comments
Labels
kind/bug lifecycle/rotten

Comments

@jmvizcainoio
Copy link

Describe the bug

We are deploying helm chart falco and falco exporter latest version k8s 1.26

we are enabling gprc and bind to 0.0.0.0 address

  grpc:
    enabled: true
    bind_address: "0.0.0.0:5060"
    private_key: "/etc/falco/certs/server.key"
    cert_chain: "/etc/falco/certs/server.crt"
    root_certs: "/etc/falco/certs/ca.crt"

We have been generated the certificate using your documentation

The secrets are correctly inserted into the pod but when falco start and exporter try to connect say

grpc: Handshake failed with fatal error SSL_ERROR_SSL: error:0A000412:SSL routines::sslv3 alert bad certificate.

i don't know where is the problem , if is a problem generating the ssl or if i missing configure a falco parameter.

Thanks

How to reproduce it

Expected behaviour

Screenshots

Environment

  • Falco version:
  • System info:
falco                    	falco    	23      	2024-05-17 07:50:48.661040227 +0000 UTC	deployed	falco-4.3.0          	0.37.1
prometheus-falco-exporter	falco    	17      	2024-05-17 07:51:10.671174571 +0000 UTC	deployed	falco-exporter-0.11.0	0.8.3
  • Cloud provider or hardware configuration:
  • OS:
Fri May 17 08:16:53 2024: Falco version: 0.37.1 (x86_64)
Fri May 17 08:16:53 2024: Falco initialized with configuration file: /etc/falco/falco.yaml
Fri May 17 08:16:53 2024: System info: Linux version 5.15.0-1039-aws (buildd@lcy02-amd64-107) (gcc (Ubuntu 9.4.0-1ubuntu1~20.04.1) 9.4.0, GNU ld (GNU Binutils for Ubuntu) 2.34) #44~20.04.1-Ubuntu SMP Thu Jun 22 12:21:12 UTC 2023
Fri May 17 08:16:53 2024: Loading rules from file /etc/falco/falco_rules.yaml
{
  "machine": "x86_64",
  "nodename": "falco-ddlh2",
  "release": "5.15.0-1039-aws",
  "sysname": "Linux",
  "version": "#44~20.04.1-Ubuntu SMP Thu Jun 22 12:21:12 UTC 2023"
}
  • Kernel:
  • Installation method:
    Kubernetes helm chart
falco                    	falco    	23      	2024-05-17 07:50:48.661040227 +0000 UTC	deployed	falco-4.3.0          	0.37.1
prometheus-falco-exporter	falco    	17      	2024-05-17 07:51:10.671174571 +0000 UTC	deployed	falco-exporter-0.11.0	0.8.3

Additional context
@poiana
Copy link

poiana commented Aug 15, 2024

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

@poiana
Copy link

poiana commented Sep 14, 2024

Stale issues rot after 30d of inactivity.

Mark the issue as fresh with /remove-lifecycle rotten.

Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle rotten

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug lifecycle/rotten
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jmvizcainoio @poiana