"TLS Channel error" occurs and login fails on a Brocade SAN switch that has LDAP authentication enabled, after changing the cipher setting used by SSH using the setcryptocfg command.
"TLS Channel error" occurs and login fails on a Brocade SAN switch that has LDAP authentication enabled, after changing the cipher setting used by SSH using the setcryptocfg command. Also getting same results even when trying to log in over the console (Serial) port client
The configured port for LDAP is 636, which uses SSL. Lab testing indicates the new client selected cipher and key exchange used in the command are not supported by the Brocade switch. As a result any authentication attempt via LDAP and SSL are failing.
Data center where Brocade SAN Switches are configured to do LDAP configured as primary authentication and local database as secondary. If SSH Cipher settings are changed on the switch using "seccryptocfg" command.
User won't be able to log into the switch and instead get the "TLS Channel error".
Disconnect the Ethernet cable from the active CP and wait 5 minutes. Doing so will force the switch to use the local database only, as it will have no network access to the LDAP
server. After the 5 minutes, attempt a local login over the console (serial) port again and reset the seccryptocfg settings to default using the below command.
seccryptocfg --default -type SSH
After the SSH cipher settings are set to default then you should be able to plug the network cable in to the Active CP and login using LDAP authentication.
[{"Product":{"code":"STMSAD","label":"Storage area network (SAN)->SAN768B-2 Fabric Backbone (2499-816)"},"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Component":"Not Applicable","Platform":[{"code":"","label":"N\/A"}],"Version":"All Versions","Edition":"N\/A","Line of Business":{"code":"","label":""}},{"Product":{"code":"STNNL8","label":"IBM Storage Networking SAN24B-5"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}},{"Product":{"code":"STUQVR","label":"IBM Storage Networking SAN32B-E4"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}},{"Product":{"code":"STMSBR","label":"Storage area network (SAN)->SAN384B-2 Fabric Backbone (2499-416)"},"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"","label":""}},{"Product":{"code":"STMN38","label":"Storage area network (SAN)->SAN42B-R (2498-R42)"},"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"","label":""}},{"Product":{"code":"STMSCJ","label":"Storage area network (SAN)->SAN48B-5 Switch (2498-F48)"},"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"","label":""}},{"Product":{"code":"STQPPK","label":"IBM Storage Networking SAN512B-6"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}},{"Product":{"code":"STQPJB","label":"SAN64B-6 Switch (8960-F64-N64)"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"LOB26","label":"Storage"}},{"Product":{"code":"STMSAD","label":"Storage area network (SAN)->SAN768B-2 Fabric Backbone (2499-816)"},"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"","label":""}},{"Product":{"code":"STNNAB","label":"Storage area network (SAN)->SAN96B-5 Switch (2498-F96, N96)"},"Business Unit":{"code":"BU054","label":"Systems w\/TPS"},"Component":" ","Platform":[{"code":"","label":""}],"Version":"","Edition":"","Line of Business":{"code":"","label":""}}]