[Xymon] SSL Error

Scott Post sjpostsr at gmail.com
Thu Jan 4 18:03:11 CET 2018 

One of the websites that I am trying to monitor moved to a new site from
http to https.

Upon changing in Xymon, I am now getting SSL error

Server Info:
Ubuntu 16.04
Xymon 4.3.25-1

Openssl Version:

OpenSSL 1.0.2g  1 Mar 2016

Xymonnet

xymonnet version 4.3.25
SSL library : OpenSSL 1.0.2f  28 Jan 2016
LDAP library: OpenLDAP 20442


Error output:
Unspecified SSL error in SSL_connect to https (47873/tcp) on host
x.x.x.x: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3
alert handshake failure

I have tried using different combinations in the hosts.cfg

httpsc://

httpst://

--sni

--no-ssl

>From the Xymon server, if I run the command:

openssl s_client -connect weburl:443, I get the errors:

CONNECTED(00000003)
140008606660248:error:14077410:SSL
routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake
failure:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1515083787
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---

trying: openssl s_client -connect weburl:443 -servername weburl

CONNECTED(00000003)
depth=3 C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2
Certification Authority
verify return:1
depth=2 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.",
CN = Go Daddy Root Certificate Authority - G2
verify return:1
depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.",
OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure
Certificate Authority - G2
verify return:1
depth=0 OU = Domain Control Validated, CN = weburl
verify return:1
---
Certificate chain
 0 s:/OU=Domain Control Validated/CN=weburl
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com,
Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure
Certificate Authority - G2
 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com,
Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure
Certificate Authority - G2
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy
Root Certificate Authority - G2
 2 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy
Root Certificate Authority - G2
   i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2
Certification Authority
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/CN=weburl
issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com,
Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure
Certificate Authority - G2
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4411 bytes and written 458 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 31590AD5C7EC70D6738AE51265DE3B3351503E280EDC0F147616E93CEA374BE3
    Session-ID-ctx:
    Master-Key:
FE4C481FDFEDC7933F5732859AEA6E6840848A8633E04BA4AA454ED256942E401846033109F1E9AA73534EA2B3261531
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 10800 (seconds)
    TLS session ticket:
    0000 - bc 67 70 3b a5 1f 62 23-2a 74 e8 04 33 5a e4 8b   .gp;..b#*t..3Z..
    0010 - 4d d0 77 a5 6f 5a 88 06-26 9e 19 78 da 59 ce 49   M.w.oZ..&..x.Y.I
    0020 - e1 29 8a ec c7 7e 46 07-8c 5a f1 a4 b1 4a 3d c7   .)...~F..Z...J=.
    0030 - 83 56 f7 d1 78 b4 0f 12-e6 ca 42 cd 30 b2 63 ac   .V..x.....B.0.c.
    0040 - e1 a3 0d fe d3 cf 37 4d-73 05 ae 99 cc 7e f1 7d   ......7Ms....~.}
    0050 - 92 fb 7f 87 95 f0 8e 12-17 bf 68 11 44 a1 83 45   ..........h.D..E
    0060 - 2a bb 4c 9a 3e 63 ab ab-0a 3d a8 2f 5d e6 c5 f0   *.L.>c...=./]...
    0070 - e1 37 5a 9d 3d ae 15 c3-2f ab 2a 0f 07 a5 f8 ee   .7Z.=.../.*.....
    0080 - 2b df 77 03 6b 40 d2 4a-19 d8 01 c6 18 ab 58 f1   +.w.k at .J......X.
    0090 - 26 85 ff b2 b8 20 da 8f-8b c6 83 6d 94 5d 28 d4   &.... .....m.](.
    00a0 - 6f d3 f0 0f 9e f8 70 ef-df 85 39 d9 1c cc 12 60   o.....p...9....`

    Start Time: 1515083843
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20180104/003c41c6/attachment.html>

More information about the Xymon mailing list