Configuring SSL for Hue server

Administrator: installation, configuration
#1

Hi,
I have been having some trouble configuring SSL on the Hue server running in docker. I have set the key , certificate and CA chain in hue.ini. When I attempt to load Hue in the browser I receive an error. ERR_SSL_VERSION_OR_CIPHER_MISMATCH. I don’t think Hue is actually sending any server hello at all so the error is a bit misleading. At least wireshark shows no TLS exchange messages. Certainly no cipher spec exchange.

I have the cn is set as the docker host FQDN. All permissions on keys, certs and chains are set according to the documentation.

SSL is configured and working between all backend services and Hue including ldaps for the authentication. The key and certificate are not self signed. They are issued by the corporate CA.

hue | [23/Feb/2021 10:44:32 +1100] runcherrypyserver INFO Starting server with options:
hue | {‘daemonize’: False,
hue | ‘host’: ‘0.0.0.0’,
hue | ‘pidfile’: None,
hue | ‘port’: 8888,
hue | ‘server_group’: ‘hue’,
hue | ‘server_name’: ‘localhost’,
hue | ‘server_user’: ‘hue’,
hue | ‘ssl_certificate’: ‘/usr/share/hue/conf/cert.pem’,
hue | ‘ssl_certificate_chain’: ‘/usr/share/hue/conf/cacerts.pem’,
hue | ‘ssl_cipher_list’: ‘ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA’,
hue | ‘ssl_no_renegotiation’: False,
hue | ‘ssl_private_key’: ‘/usr/share/hue/conf/key.pem’,
hue | ‘threads’: 50,
hue | ‘workdir’: None}

I have tried using an unencrypted private key file with no success.

My question is whether there is some further configuration that I need to change to enable SSL to the Hue server?

Thanks and Regards
Andrew Ryan