Couchbase backup reports remote error: tls: insufficient security level


I’m using Couchbase 6.0.1 Enterprise Edition. I’m trying to run Couchbase Backup (cbbackupmgr) from a different server. The server uses TLS cert.

On the server, I have:

  • restrict only to TLS 1.2
  • restrict cipher only to TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (DHE-RSA-AES256-SHA256)
  • Each of the nodes are using nodes certificates; all communicating happily
  • Curl can connect
  • Chrome/IE/etc. browser have issue. If I remove the cipher restriction, then even with TLS and standard ciphers, it will connect.

For backup, if Couchbase is already working (e.g., internal process, etc). Why is cbbackupmgr complaining about “Error backing up cluster: remote error: tls: insufficient security level”? If I remove the cipher restriction, then there is no problem. (We want to enforce the cipher.)

For cbbackupmgr, I’ve used https://:18091, :18091, and couchbases://. I’ve also used both --no-ssl-verify to skip check and also --cacert to provide the root. Nothing worked.

I know that previously in Couchbase 5.5.x EE, there was an issue with one of the end-points for TLS use and returns “not found” error instead. After upgrading to 6.0.1 EE, we get the “insufficient security level” error now.

The cipher we chose is a supported Couchbase cipher. (I went through Couchbase Support #27979 if you’re interested.)

I also want to get the Chrome/IE browser working as well but that is a lower priority for now.

Any idea?

Thank you.
Regards, Steve