[Xymon] [xymon] TLSv1 support for https?

Gore, David W (David) david.gore at verizon.com
Sun Dec 8 15:36:16 CET 2013


JC, are you implying the server is misconfigured and ssllabs would tell me why? Regardless, it's on the intranet and not publicly accessible, not that it is a server in my realm of control anyway. We too just upgraded to RedHat 6.5 and I was thinking I could roll back the SSL libraries to a previous release, although that is less than appealing.

~David

-----Original Message-----
From: Japheth Cleaver [mailto:cleaver at terabithia.org] 
Sent: Saturday, December 07, 2013 2:14 PM
To: Gore, David W (David)
Cc: xymon at xymon.com
Subject: Re: [Xymon] [xymon] TLSv1 support for https?



On Sat, December 7, 2013 7:27 am, Gore, David W (David) wrote:
> Any chance for a patch to get TLSv1 support for https?  I have exactly one
> URL which is a load balancer that will only return a good status if you
> specify TLSv1.
>
> I use this command to test:
>
> openssl s_client -tls1 -connect my.ip.addr:443
>
> I tried ssl3 and ssl2 but the results echo what I see on Xymon which is a
> failure:
>
> 139728778356552:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version
> number:s3_pkt.c:337:
>
> Any workarounds?
>
> [xymon at xymon1 etc]$ xymonnet --version
> xymonnet version 4.3.12
> SSL library : OpenSSL 1.0.1e 11 Feb 2013
> LDAP library: OpenLDAP 20423
>

This came up for us with the move to RHEL/CentOS 6.5, which rebased the
openssl version to 1.0.1e. Given that xymonnet is using openssl to handle
this, I'm not sure how easy it would be to do much more... Our solution
was to fix forward.

If your site's publicly accessible, https://www.ssllabs.com/ssltest/ is a
nice site for checking against SSL mis-configs like this. Even this will
call out openssl-1.0.1e compatibility.

HTH,
-jc



