[Xymon] ssl errors since updating from 4.3.12 to 4.3.16 with openssl 1.0.1

John Thurston john.thurston at alaska.gov
Fri Feb 14 21:00:48 CET 2014


Since updating one of my xymon servers from 4.3.12 to 4.3.16, I have 
been seeing a lot of flapping on https tests to several tomcat servers. 
These failures are accompanied by lines in xymonnet.log of the form:

> Unspecified SSL error in SSL_connect to 8443/tcp on host 10.203.10.42: error:00000000:lib(0):func(0):reason(0)

I've just noticed that:
  4.3.12 was built with openssl 0.9.8w
  4.3.16 was built with openssl 1.0.1e

These hosts were reporting well on the 4.3.12 instance of this Xymon 
server. They are still reporting well on my other (4.3.12) server. This 
appears, to me, to be a failure at establishing an SSL connection so I 
strongly suspect a difference in openssl behavior is the cause.

The flapping does not appear to be occurring with https checks against 
my apache web servers, nor against my IIS web servers. Only against 
instances of tomcat.

I'm going to go explore the differences between 0.9.8 and 1.0.1. My 
hypothesis is the cause is a change in cipher lists with 1.0.1. Has 
anyone else already seen these failures and found the cause?

-- 
    Do things because you should, not just because you can.

John Thurston    907-465-8591
John.Thurston at alaska.gov
Enterprise Technology Services
Department of Administration
State of Alaska



More information about the Xymon mailing list