
Just a thought: Do you have all your CA certs in the right place??<div><br></div><div>Ralph Mitchell</div><div><br><br><div class="gmail_quote">On Mon, Sep 17, 2012 at 4:40 PM, Michael Gallen <span dir="ltr"><<a href="mailto:Michael.Gallen@avotus.com" target="_blank">Michael.Gallen@avotus.com</a>></span> wrote:<br>

<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">


<div lang="EN-CA" link="blue" vlink="purple">

<div>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">Hi All</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">I need help resolving OpenSSL errors for some internal and some public https sites.</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial"> </span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">I am migrating from Hobbit 4.2.0 on CentOS 5.5 to Xymon 4.3.9 on CentOS 6.2

</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial"> </span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">Everything works fine on CentOS 5.5 but on CentOS 6.2 we get SSL errors for some of our https sites.</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">Some https sites test ok, others always fail.</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial"> </span></font></p>

<p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Hobbit uses openssl 0.9.8e-12.el5_5.7</span></font><font face="Arial"><span style="font-size:10.0pt;font-family:Arial"></span></font></p>


<p class="MsoNormal"><font size="3" face="Times New Roman"><span style="font-size:12.0pt">Xymon uses openssl 1.0.0-25.el6_3.1</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial"> </span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">The error also displays when testing with wget and openssl –debug, please see below..</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial"> </span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">[xymon@xymon server]$ wget <a href="https://wiki.local.com" target="_blank">https://wiki.local.com</a></span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">--2012-09-17 16:19:45--  <a href="https://wiki.local.com/" target="_blank">https://wiki.local.com/</a></span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">Resolving wiki.avotuscorp.com... 10.12.0.61</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">Connecting to <a href="http://wiki.local.com" target="_blank">wiki.local.com</a>|10.12.0.61|:443... connected.</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">OpenSSL: error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">Unable to establish SSL connection.</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial"> </span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial"> </span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">[xymon@xymon server]$ openssl s_client -connect <a href="http://wiki.local.com:443" target="_blank">wiki.local.com:443</a> -state -debug</span></font></p>


<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">CONNECTED(00000003)</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">SSL_connect:before/connect initialization</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">write to 0x89dcab0 [0x8a13ac8] (113 bytes => 113 (0x71))</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">0000 - 16 03 01 00 6c 01 00 00-68 03 01 50 57 86 8f 01   ....l...h..PW...</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">0010 - 39 d7 67 bc af ad dd 03-01 44 c8 f7 ca 43 0e 69   9.g......D...C.i</span></font></p>

<p class="MsoNormal"><font face="Arial"><span lang="PT-BR" style="font-size:10.0pt;font-family:Arial">0020 - bf dc 31 da 0b 44 c8 2f-5a 5c 57 00 00 3a 00 39   ..1..D./Z\W..:.9</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">0030 - 00 38 00 88 00 87 00 35-00 84 00 16 00 13 00 0a   .8.....5........</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">0040 - 00 33 00 32 00 9a 00 99-00 45 00 44 00 2f 00 96   .3.2.....E.D./..</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">0050 - 00 41 00 05 00 04 00 15-00 12 00 09 00 14 00 11   .A..............</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">0060 - 00 08 00 06 00 03 00 ff-02 01 00 00 04 00 23      ..............#</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">0071 - <SPACES/NULS></span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">SSL_connect:SSLv2/v3 write client hello A</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">read from 0x89dcab0 [0x8a19028] (7 bytes => 7 (0x7))</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">0000 - 15 03 01 00 02 02 0a                              .......</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">SSL3 alert read:fatal:unexpected_message</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">SSL_connect:error in SSLv2/v3 read server hello A</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial"><a href="tel:3077838572" value="+13077838572" target="_blank">3077838572</a>:error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message:s23_clnt.c:674:</span></font></p>


<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">---</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">no peer certificate available</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">---</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">No client certificate CA names sent</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">---</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">SSL handshake has read 7 bytes and written 113 bytes</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">---</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">New, (NONE), Cipher is (NONE)</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">Secure Renegotiation IS NOT supported</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">Compression: NONE</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">Expansion: NONE</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial">---</span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial"> </span></font></p>

<p class="MsoNormal"><font face="Arial"><span style="font-size:10.0pt;font-family:Arial"> </span></font></p>

<p class="MsoNormal"><font face="Calibri"><span style="font-size:10.0pt;font-family:Calibri">Thanks for any help</span></font></p>

<p class="MsoNormal"><b><font face="Calibri"><span style="font-size:10.0pt;font-family:Calibri;font-weight:bold">Michael</span></font></b><font face="Calibri"><span style="font-size:10.0pt;font-family:Calibri"></span></font></p>


</div>

<br>

<hr>

<font face="Verdana" color="Gray" size="1"><br>

Disclaimer: This email message and any attachments are for the sole use of the intended recipient(s) and may contain information that is confidential, legally privileged or otherwise exempt from disclosure under applicable law. If you are not the intended recipient(s)

 or have received this message in error, you are instructed to immediately notify the sender by return email and required to delete this message from your computer system. This communication does not form any contractual obligation on behalf of the sender,

 the sender's employer or such employer's parent company, affiliates or subsidiaries.<br>

<br>

</font>

</div>


<br>_______________________________________________<br>

Xymon mailing list<br>

<a href="mailto:Xymon@xymon.com">Xymon@xymon.com</a><br>

<a href="http://lists.xymon.com/mailman/listinfo/xymon" target="_blank">http://lists.xymon.com/mailman/listinfo/xymon</a><br>

<br></blockquote></div><br></div>