[Xymon] [xymon] TLSv1 support for https?

Japheth Cleaver cleaver at terabithia.org
Thu Dec 19 14:27:36 CET 2013


On Sun, December 8, 2013 12:29 pm, Japheth Cleaver wrote:
> On Sun, December 8, 2013 6:36 am, Gore, David W (David) wrote:
>> JC, are you implying the server is misconfigured and ssllabs would tell
>> me
>> why?  Regardless, it's on the intranet and not publicly accessible not
>> that it is a server in my realm of control anyway.   We too just
>> upgraded
>> to RedHat 6.5 and I was thinking I could roll-back the SSL libraries to
>> a
>> previous release although that is less than appealing.
>
>
> Well, sort of, yes :)
>
> If a simple 'openssl s_client -connect my.ip.addr:443' hangs (as it did in
> our case, from any 6.5 or Fedora 19 box), then anything that's doing TLS
> handshaking the same way will have the same problems. xymonnet brought it
> to light, but as more and more clients start being more strict about TLS
> (and cipher lists) I wouldn't be surprised if more things break in the
> future.
>
> Rolling back the openssl lib should (have) work(ed), but there's a bit of
> a difference in how RPM was tagging them in x86_64 builds and that would
> have required lots of other packages to be swapped out as well for us.
>
> Also, FTR, it's not the RHEL bug indicated here:
> https://bugzilla.redhat.com/show_bug.cgi?id=1022468 We had the same
> problem with openssl-1.0.1e-15 and -16.
>
>


For reference (assuming it was an F5 in the middle):

https://bugzilla.redhat.com/show_bug.cgi?id=1042908
https://www.imperialviolet.org/2013/10/07/f5update.html
http://www.ietf.org/mail-archive/web/tls/current/msg10423.html


HTH,

-jc




More information about the Xymon mailing list