[Xymon] SSL Error [SEC=UNCLASSIFIED]

Thu Nov 3 04:57:23 CET 2016

Hi Xymon community,

I'm getting a bunch of SSL Error alerts on some websites.

Here is one example:

https://kct-uat.agriculture.vic.gov.au/

If I add this to xymon, I get:

Thu Nov 3 03:50:38 2016: SSL error
red https://kct-uat.agriculture.vic.gov.au/ - SSL error

I did some digging through the xymon archives and openssl errors and found 
this:

http://lists.xymon.com/archive/2013-January/036688.html

and this:

http://stackoverflow.com/questions/24457408/openssl-command-to-check-if-a-server-is-presenting-a-certificate

so when I run this command from my Xymon server I get the 104 error:

# openssl s_client -connect kct-uat.agriculture.vic.gov.au:443
CONNECTED(00000003)
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 247 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE

But if I add the SNI, I get a nice connection:

# openssl s_client -connect kct-uat.agriculture.vic.gov.au:443 -servername 
kct-uat.agriculture.vic.gov.au
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert 
High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert 
SHA2 High Assurance Server CA
verify return:1
depth=0 C = AU, ST = Victoria, L = Melbourne, O = "Department of Economic 
Development, Jobs Transport and Resources", CN = *.agriculture.vic.gov.au
verify return:1

New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA384
    Session-ID: 
DC460000EC412D00D689C7E10DF575272E026FF475153A6367229629D79D15CF
    Session-ID-ctx:
    Master-Key: 
0EE96C944F5746D3524A17580FD7907716FBA724C1B8909CA96430C2F7262EC469CD9CBD1D25A6ADDB791A6E45AAAB76
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1478145325
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)

But now I'm not sure what to do next...  Any ideas?

Thanks,

Martin.

---

********************************************************************************
Department of Economic Development, Jobs, Transport and Resources, Government of
Victoria, Victoria, Australia.

This email, and any attachments, may contain privileged and confidential
information.  If you are not the intended recipient, you may not distribute or
reproduce this e-mail or the attachments.  If you have received this message in
error, please notify us by return email.
********************************************************************************
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20161103/eb694332/attachment.html>