You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I had a problem today which seems to have been reported in more or less similar fashion in the bug tracker several times: Misunderstandings between check_http and server implementations that do not support specific SSL/TLS versions. (In my case, the server is a web app running in a CentOS 6 Tomcat 7 and refuses standard check_http requests because of SSLv2 being enabled.)
I noted that the current (1.4.16) options do not allow to disable SSLv2 but leave both SSLv3 and TLSv1 enabled - so I added negative values to do just that into sslutils.c and (as an example case) check_http.c. Note that I didn't guard against old OpenSSL versions which may not have the required options ...
Submitted by j-bern on 2013-04-30 12:38:02
I had a problem today which seems to have been reported in more or less similar fashion in the bug tracker several times: Misunderstandings between check_http and server implementations that do not support specific SSL/TLS versions. (In my case, the server is a web app running in a CentOS 6 Tomcat 7 and refuses standard check_http requests because of SSLv2 being enabled.)
I noted that the current (1.4.16) options do not allow to disable SSLv2 but leave both SSLv3 and TLSv1 enabled - so I added negative values to do just that into sslutils.c and (as an example case) check_http.c. Note that I didn't guard against old OpenSSL versions which may not have the required options ...
[root@nagios nagios-plugins-1.4.16b]# plugins/check_http --ssl $PARAMS
CRITICAL - Cannot make SSL connection.
23666:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:583:
[root@nagios nagios-plugins-1.4.16b]# for SSLVER in 3 2 1 -1 -2 -3 ; do plugins/check_http --ssl=$SSLVER $PARAMS 2>&1 | sed -e "s/^/$SSLVER /" ; done
3 HTTP OK: HTTP/1.1 200 OK - 338 bytes in 0,070 second response time |time=0,069910s;;;0,000000 size=338B;;;0
2 CRITICAL - Cannot make SSL connection.
1 HTTP OK: HTTP/1.1 200 OK - 338 bytes in 0,057 second response time |time=0,056833s;;;0,000000 size=338B;;;0
-1 CRITICAL - Cannot make SSL connection.
-1 19823:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:583:
-2 HTTP OK: HTTP/1.1 200 OK - 338 bytes in 0,061 second response time |time=0,061420s;;;0,000000 size=338B;;;0
-3 CRITICAL - Cannot make SSL connection.
-3 19827:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:583:
The text was updated successfully, but these errors were encountered: