I’ve just set up genieacs within our company network, and we are having an issue with only a single device (Huawei HG8245W5). It never registers with genieacs and there’s nothing in the logs coming from the IP assigned to it. We have done extensive debugging on our side using tools like wireshark, tcpdump and ssldump. We have found that the device does initiate communication, but apparently there’s a failure at the SSL handshake. Here’s a sample of the exchange between device and ACS:
New TCP connection #1: 172.16.16.59(36355) ↔ 21b9153213ab(7547)
1 1 0.1055 (0.1055) C>S V3.0(105) Handshake
64 99 8f 51 5d 82 4c 51 e3 b8 d7 1f 49 92 60 4f
3b e5 f8 ec 6f 3f fe bc 62 85 43 cd b9 eb 5b d8
1 2 0.1148 (0.0093) S>C V3.3(2) Alert
1 0.1197 (0.0049) C>S TCP FIN
1 0.1229 (0.0031) S>C TCP FIN
I don’t have sufficient access to the device to do something like disable HTTPS.
I originally had genieacs deployed behind haproxy, but changed that setup to troubleshoot the problem with this Huawei. The problem remains the same. Haproxy logs were showing that there is no shared cipher even though there are shared cipher suites.
2023-06-26T10:16:58+00:00 10.1.4.12 haproxy: 172.16.16.59:44253 [26/Jun/2023:10:16:58.058] proxy-http/3: SSL handshake failure (error:0A0000C1:SSL routines::no shared cipher)
2023-06-26T10:25:06+00:00 10.1.4.12 haproxy: 172.16.16.59:56081 [26/Jun/2023:10:25:06.738] proxy-http/3: SSL handshake failure (error:0A0000C1:SSL routines::no shared cipher)
Any help on this will be appreciated.
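
To compare what a device offers against what the ACS or proxy accepts, the ClientHello from a capture can be decoded directly. The following is an added example, not part of the original post: the sample bytes and the server suite set are constructed, and the name table covers only a few IANA cipher suite IDs.

```python
import struct

# Small subset of IANA cipher suite IDs; anything else is shown as hex.
SUITE_NAMES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
}
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}

def parse_client_hello(data: bytes) -> dict:
    """Parse one TLS record carrying a ClientHello; return versions and suites."""
    if len(data) < 5:
        raise ValueError("truncated record header")
    rtype, rver, rlen = struct.unpack("!BHH", data[:5])
    body = data[5:5 + rlen]
    if rtype != 0x16 or len(body) != rlen or len(body) < 4 or body[0] != 0x01:
        raise ValueError("not a complete ClientHello handshake record")
    hlen = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hlen]
    try:
        cver = struct.unpack("!H", hello[:2])[0]
        pos = 2 + 32                      # skip client_version and random
        pos += 1 + hello[pos]             # skip session_id
        slen = struct.unpack("!H", hello[pos:pos + 2])[0]
        raw = hello[pos + 2:pos + 2 + slen]
    except (struct.error, IndexError):
        raise ValueError("truncated ClientHello") from None
    if len(raw) != slen or slen % 2:
        raise ValueError("bad cipher_suites length")
    ids = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, slen, 2)]
    return {
        "record_version": VERSIONS.get(rver, hex(rver)),
        "client_version": VERSIONS.get(cver, hex(cver)),
        "suites": [SUITE_NAMES.get(i, f"0x{i:04X}") for i in ids],
    }

def shared_suites(hello: dict, server_suites: set) -> list:
    """Suites the client offered that the server is configured to accept."""
    return [s for s in hello["suites"] if s in server_suites]

# Constructed sample: SSLv3 ClientHello offering three legacy RSA suites.
_hello = bytes.fromhex("0300") + bytes(32) + b"\x00" + bytes.fromhex("0006" "0004" "0005" "000a") + b"\x01\x00"
SAMPLE = b"\x16\x03\x00" + struct.pack("!H", len(_hello) + 4) + b"\x01" + len(_hello).to_bytes(3, "big") + _hello
```

Feed it the raw bytes of the first client record from a capture, then pass the suite names the server is configured with to `shared_suites`; an empty result matches the "no shared cipher" alert.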