No common encryption algorithm for node agent (Centos 7, supernode)

Hello, all

now I’m trying to solve one problem to enrol my node as a supernode.

I’m using symbol-bootstrap v 1.0.5 to run the symbol server on my Centos 7.9 server.

After I run and validate the node agent like the following, I get an error “no encryption algorithm(s)”

[inari@ik1-411-37548 symbol-mainnet]$ curl --insecure https://localhost:7881/metadata -v
* About to connect() to localhost port 7881 (#0)
*   Trying 127.0.0.1...
* Connected to localhost (127.0.0.1) port 7881 (#0)
* Initializing NSS with certpath: sql:/etc/pki/nssdb
* NSS error -12286 (SSL_ERROR_NO_CYPHER_OVERLAP)
* Cannot communicate securely with peer: no common encryption algorithm(s).
* Closing connection 0
curl: (35) Cannot communicate securely with peer: no common encryption algorithm(s).
[inari@ik1-411-37548 symbol-mainnet]$ 

Could anyone give me any hints?

  • Additional info may concern:
[inari@ik1-411-37548 symbol-mainnet]$ symbol-bootstrap -v
symbol-bootstrap/1.0.5 linux-x64 node-v14.16.1


[inari@ik1-411-37548 symbol-mainnet]$ symbol-bootstrap healthCheck
                         _             _         _                    _         _                      
  ___  _   _  _ __ ___  | |__    ___  | |       | |__    ___    ___  | |_  ___ | |_  _ __  __ _  _ __  
 / __|| | | || '_ ` _ \ | '_ \  / _ \ | | _____ | '_ \  / _ \  / _ \ | __|/ __|| __|| '__|/ _` || '_ \ 
 \__ \| |_| || | | | | || |_) || (_) || ||_____|| |_) || (_) || (_) || |_ \__ \| |_ | |  | (_| || |_) |
 |___/ \__, ||_| |_| |_||_.__/  \___/ |_|       |_.__/  \___/  \___/  \__||___/ \__||_|   \__,_|| .__/ 
       |___/                                                                                    |_|    
2021-05-11T08:45:15.494Z info     Container db is running
2021-05-11T08:45:15.495Z info     Container node is running
2021-05-11T08:45:15.499Z info     Container broker is running
2021-05-11T08:45:15.500Z info     Container node-agent is running
2021-05-11T08:45:15.500Z info     Container rest-gateway is running
2021-05-11T08:45:15.502Z info     Container node port 7900 -> 7900 is open
2021-05-11T08:45:15.503Z info     Container node-agent port 7881 -> 7881 is open
2021-05-11T08:45:15.503Z info     Testing https://localhost:7881/metadata
2021-05-11T08:45:15.515Z info     Container rest-gateway port 3000 -> 3000 is open
2021-05-11T08:45:15.519Z info     Testing http://localhost:3000/node/health
2021-05-11T08:45:15.528Z info     Agent https://localhost:7881/metadata is up and running...
2021-05-11T08:45:15.572Z info     Rest http://localhost:3000/node/health is up and running...
2021-05-11T08:45:15.572Z info     Network is running!

[inari@ik1-411-37548 symbol-mainnet]$ symbol-bootstrap verify
                         _             _         _                    _         _                      
  ___  _   _  _ __ ___  | |__    ___  | |       | |__    ___    ___  | |_  ___ | |_  _ __  __ _  _ __  
 / __|| | | || '_ ` _ \ | '_ \  / _ \ | | _____ | '_ \  / _ \  / _ \ | __|/ __|| __|| '__|/ _` || '_ \ 
 \__ \| |_| || | | | | || |_) || (_) || ||_____|| |_) || (_) || (_) || |_ \__ \| |_ | |  | (_| || |_) |
 |___/ \__, ||_| |_| |_||_.__/  \___/ |_|       |_.__/  \___/  \___/  \__||___/ \__||_|   \__,_|| .__/ 
       |___/                                                                                    |_|    
2021-05-11T08:45:25.207Z info     OS: Linux - 3.10.0-1160.15.2.el7.x86_64 - linux
2021-05-11T08:45:25.209Z info     NodeVersion - OK! - 14.16.1
2021-05-11T08:45:25.209Z info     Docker Version - OK! - 20.10.5
2021-05-11T08:45:25.209Z info     Docker Compose Version - OK! - 1.27.4
2021-05-11T08:45:25.209Z info     Docker Run Test - OK! - Command 'docker run hello-world' executed!
2021-05-11T08:45:25.210Z info     Sudo User Test - OK! - Your are not the sudo user!

[inari@ik1-411-37548 symbol-mainnet]$ cat /etc/redhat-release 
CentOS Linux release 7.9.2009 (Core)

[inari@ik1-411-37548 symbol-mainnet]$ ldconfig -p | grep libssl
	libssl3.so (libc6,x86-64) => /lib64/libssl3.so
	libssl.so.10 (libc6,x86-64) => /lib64/libssl.so.10
	libssl.so.1.1 (libc6,x86-64) => /usr/local/openssl-1.1.1/lib/libssl.so.1.1
	libssl.so (libc6,x86-64) => /usr/local/openssl-1.1.1/lib/libssl.so

[inari@ik1-411-37548 symbol-mainnet]$ docker logs node-agent
Loading custom config file 'agent.properties'...
Creating logger file logs/agent.log
2021-05-11T11:38:51.083Z info: [AgentServer]     Open Api spec loaded.
2021-05-11T11:38:51.093Z info: [AgentServer]     Setting up error handler.
2021-05-11T11:38:51.093Z info: [AgentServer]     Defining spec endpoint
2021-05-11T11:38:51.093Z info: [AgentServer]     Setup middleware completed.
2021-05-11T11:38:51.094Z info: [AgentServer]     Setup routes completed.
2021-05-11T11:38:51.094Z warn: [AgentServer]     Starting a temporary https server...
2021-05-11T11:38:51.098Z info: [AgentServer]     Agent is ready to serve at port 7881
2021-05-11T11:38:51.099Z info: [AgentServer]     Calling http://node-monitoring.symbolblockchain.io:7890/nodes/mainPublicKey/6813384AA5CD94A1B5111183395DE6E55FF4DECB9CECD85DDB38854DDF7B2738/agent-ca-cert to fetch Agent-CA-Cert...
2021-05-11T11:38:51.379Z error: [AgentServer]    request to http://node-monitoring.symbolblockchain.io:7890/nodes/mainPublicKey/6813384AA5CD94A1B5111183395DE6E55FF4DECB9CECD85DDB38854DDF7B2738/agent-ca-cert failed, reason: connect ECONNREFUSED 18.214.69.246:7890
2021-05-11T11:38:51.380Z info: [AgentServer]     Agent-CA-Cert cannot be found in the controller, will retry in 20 minutes ...

Hi @1n4r1,

Can you try the following command before curl, please?

sudo yum update nss

NSS library in your end might be old…

Thx for your reply.

still having the same result :sweat_smile:

I got confused since node list shows some nodes are already recognized as a supernode though Supernode program is still only for the test net.
Maybe I should wait a bit till it’s begun?

That’s correct. Mainnet supernode program is not started yet.
That’s why you got this error:

2021-05-11T11:38:51.379Z error: [AgentServer] request to http://node-monitoring.symbolblockchain.io:7890/nodes/mainPublicKey/6813384AA5CD94A1B5111183395DE6E55FF4DECB9CECD85DDB38854DDF7B2738/agent-ca-cert failed, reason: connect ECONNREFUSED 18.214.69.246:7890

OK, thank you!!