[Xymon] Monitoring websites using TLS1.3

martin at savcom.co.uk martin at savcom.co.uk
Wed Mar 25 13:16:38 CET 2020

I'm trying to monitor a website that is operated on part of Cloudflare's
setup and I am failing to get a positive result.  The website uses TLS1.3
and Xymonnet tells me that it was built USING OpenSSL v 1.1.0g (Xymon
version 4.3.28) which only handles TLS variants 1.0, 1.1, and 1.2.


I'm monitoring the server using the hosts.cfg entry:     Website    # noconn nosslcert https3://www.website.com/


I've tried other httpsX variants and no joy.  The result I get from the
website test is the rather sparse "- SSL error"

Digging into Xymonnet gives a more cryptic 
Unspecified SSL error in SSL_connect to https (47873/tcp) on host
xx.xx.xx.xx: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert
handshake failure
I'm assuming the issue is around the version of OpenSSL, as the OpenSSL
v1.1.1 beta version manages TLS1.3 whereas OpenSSL v1.1.0g does not.
I have three questions:
-          Is there a way of setting Xymon up to manage this monitoring?
-          When is it planned to include OpenSSL v1.1.1 in a Xymon build?
-          In the meantime, is it worth writing a simple script to test the
HTTPS response I need and feed this to Xymon separately?
Many thanks
Martin Davies
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20200325/a61394a2/attachment.htm>

More information about the Xymon mailing list