[Xymon] OpenSSL Errors for some https tests

Ralph Mitchell ralphmitchell at gmail.com
Tue Sep 18 03:14:02 CEST 2012


Just a thought: Do you have all your CA certs in the right place??

Ralph Mitchell


On Mon, Sep 17, 2012 at 4:40 PM, Michael Gallen
<Michael.Gallen at avotus.com>wrote:

>  Hi All
>
> I need help resolving OpenSSL errors for some internal and some public
> https sites.
>
>
>
> I am migrating from Hobbit 4.2.0 on CentOS 5.5 to Xymon 4.3.9 on CentOS
> 6.2
>
>
>
> Everything works fine on CentOS 5.5 but on CentOS 6.2 we get SSL errors
> for some of our https sites.
>
> Some https sites test ok, others always fail.
>
>
>
> Hobbit uses openssl 0.9.8e-12.el5_5.7
>
> Xymon uses openssl 1.0.0-25.el6_3.1
>
>
>
> The error also displays when testing with wget and openssl –debug, please
> see below..
>
>
>
> [xymon at xymon server]$ wget https://wiki.local.com
>
> --2012-09-17 16:19:45--  https://wiki.local.com/
>
> Resolving wiki.avotuscorp.com... 10.12.0.61
>
> Connecting to wiki.local.com|10.12.0.61|:443... connected.
>
> OpenSSL: error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
> unexpected message
>
> Unable to establish SSL connection.
>
>
>
>
>
> [xymon at xymon server]$ openssl s_client -connect wiki.local.com:443 -state
> -debug
>
> CONNECTED(00000003)
>
> SSL_connect:before/connect initialization
>
> write to 0x89dcab0 [0x8a13ac8] (113 bytes => 113 (0x71))
>
> 0000 - 16 03 01 00 6c 01 00 00-68 03 01 50 57 86 8f 01   ....l...h..PW...
>
> 0010 - 39 d7 67 bc af ad dd 03-01 44 c8 f7 ca 43 0e 69   9.g......D...C.i
>
> 0020 - bf dc 31 da 0b 44 c8 2f-5a 5c 57 00 00 3a 00 39   ..1..D./Z\W..:.9
>
> 0030 - 00 38 00 88 00 87 00 35-00 84 00 16 00 13 00 0a   .8.....5........
>
> 0040 - 00 33 00 32 00 9a 00 99-00 45 00 44 00 2f 00 96   .3.2.....E.D./..
>
> 0050 - 00 41 00 05 00 04 00 15-00 12 00 09 00 14 00 11   .A..............
>
> 0060 - 00 08 00 06 00 03 00 ff-02 01 00 00 04 00 23      ..............#
>
> 0071 - <SPACES/NULS>
>
> SSL_connect:SSLv2/v3 write client hello A
>
> read from 0x89dcab0 [0x8a19028] (7 bytes => 7 (0x7))
>
> 0000 - 15 03 01 00 02 02 0a                              .......
>
> SSL3 alert read:fatal:unexpected_message
>
> SSL_connect:error in SSLv2/v3 read server hello A
>
> 3077838572:error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
> unexpected message:s23_clnt.c:674:
>
> ---
>
> no peer certificate available
>
> ---
>
> No client certificate CA names sent
>
> ---
>
> SSL handshake has read 7 bytes and written 113 bytes
>
> ---
>
> New, (NONE), Cipher is (NONE)
>
> Secure Renegotiation IS NOT supported
>
> Compression: NONE
>
> Expansion: NONE
>
> ---
>
>
>
>
>
> Thanks for any help
>
> *Michael*
>
> ------------------------------
>
> Disclaimer: This email message and any attachments are for the sole use of
> the intended recipient(s) and may contain information that is confidential,
> legally privileged or otherwise exempt from disclosure under applicable
> law. If you are not the intended recipient(s) or have received this message
> in error, you are instructed to immediately notify the sender by return
> email and required to delete this message from your computer system. This
> communication does not form any contractual obligation on behalf of the
> sender, the sender's employer or such employer's parent company, affiliates
> or subsidiaries.
>
>
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20120917/31347a44/attachment.html>


More information about the Xymon mailing list