<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Calibri Light";
panose-1:2 15 3 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
pre
{mso-style-priority:99;
mso-style-link:"HTML Preformatted Char";
margin:0cm;
margin-bottom:.0001pt;
font-size:10.0pt;
font-family:"Courier New";}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Calibri Light",sans-serif;
color:windowtext;}
span.HTMLPreformattedChar
{mso-style-name:"HTML Preformatted Char";
mso-style-priority:99;
mso-style-link:"HTML Preformatted";
font-family:"Courier New";
mso-fareast-language:EN-GB;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:687876513;
mso-list-type:hybrid;
mso-list-template-ids:1776456588 -1278694124 134807555 134807557 134807553 134807555 134807557 134807553 134807555 134807557;}
@list l0:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:-;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Calibri Light",sans-serif;
mso-fareast-font-family:"Times New Roman";}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Symbol;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:"Courier New";}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-18.0pt;
font-family:Wingdings;}
ol
{margin-bottom:0cm;}
ul
{margin-bottom:0cm;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-GB link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span style='font-family:"Calibri Light",sans-serif'>I’m trying to monitor a website that is operated on part of Cloudflare’s setup and I am failing to get a positive result. The website uses TLS1.3 and Xymonnet tells me that it was built USING OpenSSL v 1.1.0g (Xymon version 4.3.28) which only handles TLS variants 1.0, 1.1, and 1.2.<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri Light",sans-serif'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri Light",sans-serif'>I’m monitoring the server using the hosts.cfg entry:<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New"'>0.0.0.0 Website # noconn nosslcert https3://www.website.com/<o:p></o:p></span></p><p class=MsoNormal><span style='font-family:"Courier New"'><o:p> </o:p></span></p><p class=MsoNormal><span style='font-family:"Calibri Light",sans-serif'>I’ve tried other httpsX variants and no joy. The result I get from the website test is the rather sparse “- SSL error”<o:p></o:p></span></p><pre><span style='font-size:11.0pt'><o:p> </o:p></span></pre><pre><span style='font-size:11.0pt;font-family:"Calibri Light",sans-serif'>Digging into Xymonnet gives a more cryptic <o:p></o:p></span></pre><pre><span style='font-size:11.0pt'><o:p> </o:p></span></pre><pre><span style='font-size:11.0pt'>Unspecified SSL error in SSL_connect to https (47873/tcp) on host xx.xx.xx.xx: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure<o:p></o:p></span></pre><pre><span style='font-size:11.0pt;font-family:"Calibri Light",sans-serif'><o:p> </o:p></span></pre><pre><span style='font-size:11.0pt;font-family:"Calibri Light",sans-serif'>I’m assuming the issue is around the version of OpenSSL, as the OpenSSL v1.1.1 beta version manages TLS1.3 whereas OpenSSL v1.1.0g does not.<o:p></o:p></span></pre><pre><span style='font-size:11.0pt;font-family:"Calibri Light",sans-serif'><o:p> </o:p></span></pre><pre><span style='font-size:11.0pt;font-family:"Calibri Light",sans-serif'>I have three questions:<o:p></o:p></span></pre><pre style='margin-left:36.0pt;text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-size:11.0pt;font-family:"Calibri Light",sans-serif'><span style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri Light",sans-serif'>Is there a way of setting Xymon up to manage this monitoring?<o:p></o:p></span></pre><pre style='margin-left:36.0pt;text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-size:11.0pt;font-family:"Calibri Light",sans-serif'><span style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri Light",sans-serif'>When is it planned to include OpenSSL v1.1.1 in a Xymon build?<o:p></o:p></span></pre><pre style='margin-left:36.0pt;text-indent:-18.0pt;mso-list:l0 level1 lfo1'><![if !supportLists]><span style='font-size:11.0pt;font-family:"Calibri Light",sans-serif'><span style='mso-list:Ignore'>-<span style='font:7.0pt "Times New Roman"'> </span></span></span><![endif]><span style='font-size:11.0pt;font-family:"Calibri Light",sans-serif'>In the meantime, is it worth writing a simple script to test the HTTPS response I need and feed this to Xymon separately?<o:p></o:p></span></pre><pre><span style='font-size:11.0pt;font-family:"Calibri Light",sans-serif'><o:p> </o:p></span></pre><pre><span style='font-size:11.0pt;font-family:"Calibri Light",sans-serif'>Many thanks<o:p></o:p></span></pre><pre><span style='font-size:11.0pt;font-family:"Calibri Light",sans-serif'><o:p> </o:p></span></pre><pre><span style='font-size:11.0pt;font-family:"Calibri Light",sans-serif'>Martin Davies<o:p></o:p></span></pre><pre><span style='font-size:11.0pt;font-family:"Calibri Light",sans-serif'><o:p> </o:p></span></pre></div></body></html>