[Xymon] SSL Errors

Vernon Everett everett.vernon at gmail.com
Tue Dec 9 04:50:52 CET 2014


Hi all

Thanks for that.
httpsh works beautifully.

Regards
Vernon


On 9 December 2014 at 08:12, Tim McCloskey <tm at freedom.com> wrote:

> Vernon,
>
> That is a bug in an early version of openssl,
> http://rt.openssl.org/Ticket/Display.html?user=guest&pass=guest&id=2240.
> Guessing that you can't patch it, so like Scott mentioned you could try to
> force a version, one that you have.  The following is from the docs in
> 4.2.0, I did not check if these are still available in 4.3.17.
>
> "
> Forcing an HTTP or SSL version
>     Some SSL sites will only allow you to connect, if you use specific
> "dialects" of HTTP or SSL. Normally this is auto-negotiated, but experience
> shows that this fails on some systems.
>
>     bbtest-net can be told to use specific dialects, by adding one or more
> "dialect names" to the URL scheme, i.e. the "http" or "https" in the URL:
>
>     * "2", e.g. https2://www.sample.com/ : use only SSLv2
>     * "3", e.g. https3://www.sample.com/ : use only SSLv3
>     * "m", e.g. httpsm://www.sample.com/ : use only 128-bit ciphers
>     * "h", e.g. httpsh://www.sample.com/ : use only >128-bit ciphers
>     * "10", e.g. http10://www.sample.com/ : use HTTP 1.0
>     * "11", e.g. http11://www.sample.com/ : use HTTP 1.1
>
>     These can be combined where it makes sense, e.g. to force SSLv2 and
> HTTP 1.0 you would use "https210".
> "
>
> You could try http10://urltocert and not auto-negotiate the handshake.
>
>
> Regards,
>
> Tim
>
> ________________________________________
> From: Xymon [xymon-bounces at xymon.com] on behalf of Vernon Everett [everett.vernon at gmail.com]
> Sent: Monday, December 8, 2014 3:42 PM
> To: Scott Pfister
> Cc: Xymon mailinglist
> Subject: Re: [Xymon] SSL Errors
>
> Hi Scott
>
> All I get is a new error message. :-(
>
> https3
> Unspecified SSL error in SSL_connect to 47873/tcp on host 1.2.3.4:
> error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
>
> httpt
> Unspecified SSL error in SSL_connect to 47873/tcp on host 1.2.3.4:
> error:1411809D:SSL routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid
> ecpointformat list
>
> And the https status remains red.
>
> Regards
> Vernon
>
>
>
> On 8 December 2014 at 20:50, Scott Pfister <icepickjazz at gmail.com> wrote:
> Good morning,
>
> What version of SSL is on the client with the cert? Was SSLv3 disabled
> due to poodle exploit? Can you try forcing it to connect using only TLS or
> SSLv3? In host.cfg set https3://... or httpst://...
>
> thanks
>
>
>
> On Mon, Dec 8, 2014 at 4:33 AM, Vernon Everett <everett.vernon at gmail.com> wrote:
> Hi all
>
> Trying to get an https test working to monitor certificate expiry.
> Test shows up red, with very descriptive "SSL Error".
>
> The xymonnet error appears a little more useful, but I can't find a
> resolution to the problem.
> Unspecified SSL error in SSL_connect to 47873/tcp on host  1.2.3.4:
> error:1411809D:SSL routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid
> ecpointformat list
>
> Additional info.
> xymonnet version 4.3.17
> SSL library : OpenSSL 1.0.1j 15 Oct 2014
> LDAP library: OpenLDAP 20423
>
> Any advice appreciated.
>
> Regards
> Vernon
>
> --
> "Accept the challenges so that you can feel the exhilaration of victory"
> - General George Patton
>



-- 
"Accept the challenges so that you can feel the exhilaration of victory"
- General George Patton
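
Added example, not part of the thread and not Xymon code: a small audit of hosts.cfg-style lines that decodes the dialect suffixes from the documentation quoted above (plus the "t" suffix from Scott's reply) and flags tests pinned to SSLv2 or SSLv3, which stop working once a server disables those protocols. The sample lines, the function names and the rule of one token per kind are assumptions.

```python
import re

# Dialect tokens: the list quoted from the 4.2.0 docs, plus "t" (TLS only) from Scott's reply.
DIALECTS = {"2": ("ssl", "SSLv2 only"), "3": ("ssl", "SSLv3 only"),
            "t": ("ssl", "TLS only"), "m": ("cipher", "128-bit ciphers only"),
            "h": ("cipher", ">128-bit ciphers only"),
            "10": ("http", "HTTP 1.0"), "11": ("http", "HTTP 1.1")}
URL_RE = re.compile(r"\bhttp(s?)([0-9a-z]*)://\S+")
TOKEN_RE = re.compile(r"10|11|[23tmh]")  # two-character tokens are tried first


def parse_suffix(suffix):
    """Split a suffix such as '210' into ['2', '10']; None if any part is unknown."""
    if not re.fullmatch(f"(?:{TOKEN_RE.pattern})*", suffix):
        return None
    return TOKEN_RE.findall(suffix)


def audit(hosts_cfg_text):
    """Return (line number, scheme, tokens, warnings) for each URL that forces a dialect."""
    findings = []
    for lineno, line in enumerate(hosts_cfg_text.splitlines(), 1):
        for m in URL_RE.finditer(line):
            tls, suffix = m.groups()
            if not suffix:
                continue  # plain http:// or https://, left to auto-negotiation
            tokens = parse_suffix(suffix)
            kinds = [DIALECTS[t][0] for t in tokens or []]
            warnings = [] if tokens is not None else ["unknown dialect suffix"]
            if len(kinds) != len(set(kinds)):  # assumption: one token per kind
                warnings.append("conflicting dialects")
            if not tls and set(kinds) & {"ssl", "cipher"}:
                warnings.append("SSL dialect on a non-SSL URL")
            warnings += [f"pinned to {DIALECTS[t][1]}" for t in tokens or [] if t in "23"]
            findings.append((lineno, m.group(0).split("://", 1)[0], tokens, warnings))
    return findings


# Constructed sample lines; only the address 1.2.3.4 and port 47873 come from the thread.
SAMPLE = """\
1.2.3.4   certhost  # httpsh://1.2.3.4:47873/
10.0.0.5  legacy    # https3://legacy.example.com/ http10://legacy.example.com/status
10.0.0.6  web       # https://web.example.com/
10.0.0.7  odd       # https23://odd.example.com/
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```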