Search code examples

argo cd remote error: tls: handshake failure

i want to deploy redis from bitnami charts . but i facing issue that

rpc error: code = Unknown desc = Manifest generation error (cached): `helm dependency build` failed exit status 1: Error: could not download Get "": remote error: tls: handshake failure

but when i run manual on my cluster is fine. i dont know where the configuration to solving this issue


  • >sslscan
    Version: 2.0.0 Windows 64-bit (Mingw)
    OpenSSL 1.1.1e-dev  xx XXX xxxx
    Connected to
    Testing SSL server on port 443 using SNI name
      SSL/TLS Protocols:
    SSLv2     disabled
    SSLv3     disabled
    TLSv1.0   disabled
    TLSv1.1   disabled
    TLSv1.2   enabled
    TLSv1.3   enabled
      TLS Fallback SCSV:
    Server supports TLS Fallback SCSV
      TLS renegotiation:
    Session renegotiation not supported
      TLS Compression:
    Compression disabled
    TLSv1.3 not vulnerable to heartbleed
    TLSv1.2 not vulnerable to heartbleed
      Supported Server Cipher(s):
    Preferred TLSv1.3  128 bits  TLS_AES_128_GCM_SHA256        Curve 25519 DHE 253
    Accepted  TLSv1.3  256 bits  TLS_AES_256_GCM_SHA384        Curve 25519 DHE 253
    Accepted  TLSv1.3  256 bits  TLS_CHACHA20_POLY1305_SHA256  Curve 25519 DHE 253
    Preferred TLSv1.2  128 bits  ECDHE-RSA-AES128-GCM-SHA256   Curve 25519 DHE 253
    Accepted  TLSv1.2  128 bits  ECDHE-RSA-AES128-SHA256       Curve 25519 DHE 253
    Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve 25519 DHE 253
    Accepted  TLSv1.2  256 bits  ECDHE-RSA-CHACHA20-POLY1305   Curve 25519 DHE 253
    Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-SHA384       Curve 25519 DHE 253
    Accepted  TLSv1.2  128 bits  AES128-GCM-SHA256
    Accepted  TLSv1.2  256 bits  AES256-GCM-SHA384
    Accepted  TLSv1.2  128 bits  AES128-SHA256
      Server Key Exchange Group(s):
    TLSv1.3  128 bits  secp256r1 (NIST P-256)
    TLSv1.3  192 bits  secp384r1 (NIST P-384)
    TLSv1.3  128 bits  x25519
    TLSv1.2  128 bits  secp256r1 (NIST P-256)
    TLSv1.2  192 bits  secp384r1 (NIST P-384)
    TLSv1.2  128 bits  x25519
      Server Signature Algorithm(s):
    TLSv1.3  Server accepts all signature algorithms.
      SSL Certificate:
    Signature Algorithm: sha256WithRSAEncryption
    RSA Key Strength:    2048
    Issuer:   Amazon RSA 2048 M02
    Not valid before: Nov 16 00:00:00 2023 GMT
    Not valid after:  Dec 13 23:59:59 2024 GM

    Make sure your client provides a cipher suite list that match one of the Supported Server Cipher(s), then you are good to go.