[Xymon] monitoring websites behind cloudflare?
Bruce Ferrell
bferrell at baywinds.org
Tue Mar 3 22:46:33 CET 2020
Matt,
Just for giggles I did a manual test using openssl:
openssl s_client -connect 104.18.5.68:443
With the following results:
CONNECTED(00000003)
140619981215560:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:769:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 247 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
This means that the IP address isn't serving SSL
One I know is serving SSL:
openssl s_client -connect 50.196.187.248:443
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = baywinds.org
verify return:1
---
Certificate chain
0 s:/CN=baywinds.org
i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
-----BEGIN CERTIFICATE-----
<cert info>
-----END CERTIFICATE-----
subject=/CN=baywinds.org
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Server Temp Key: ECDH, prime256v1, 256 bits
---
SSL handshake has read 3233 bytes and written 373 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: 338A6AA8E41A643BD51B57CB6BF55A9619110159A3390AD761C3E4AB1853437E
Session-ID-ctx:
Master-Key: 13BD58F4497A226F3B3713569D39CD38F2445C98E6D91D866BD8AB99CABBAF1D93599AB5CF5150FC2DE4CFDC6E99FADC
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
blah blah blah
.......
Bottom line, that IP address isn't serving HTTPS
On 3/3/20 10:05 AM, Matthew Goebel wrote:
> Hello,
>
> We are running xymon 4.3.29 on sles 12 and trying to monitor a website that
> is behind cloudflare but I cannot find a find a combo of https flags in hosts.cfg
> that will connect to cloudflare. Has anyone else had this issue and come up with
> a solution? I have literally tried every reasonable combo...
>
> "Unspecified SSL error in SSL_con"..., 153Unspecified SSL error in SSL_connect to https (47873/tcp) on host 104.18.5.68 <http://104.18.5.68>: error:14094410:SSL
> routines:ssl3_read_bytes:sslv3 alert handshake failure
>
> Thanks,
> Matt
>
> --
> Matthew Goebel : goebel at emunix.emich.edu <mailto:goebel at emunix.emich.edu> : Unix Jockey @ EMU : Hail Eris
> Neo-Student, Net Lurker, Donut consumer, and procrastinating medher...
> "Always with the negative waves, Moriarty" - Oddball
> "Comfort the troubled, and trouble the comfortable." - Dietrich Bonhoeffer
>
>
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
More information about the Xymon
mailing list