[Xymon] Monitoring websites using TLS1.3

Matthew Goebel mgoebel at emich.edu
Wed Mar 25 14:16:22 CET 2020 

Try adding sni to your hosts.cfg line for that server.

Matt


On Wed, Mar 25, 2020 at 8:45 AM <martin at savcom.co.uk> wrote:

> I’m trying to monitor a website that is operated on part of Cloudflare’s
> setup and I am failing to get a positive result.  The website uses TLS1.3
> and Xymonnet tells me that it was built USING OpenSSL v 1.1.0g (Xymon
> version 4.3.28) which only handles TLS variants 1.0, 1.1, and 1.2.
>
>
>
> I’m monitoring the server using the hosts.cfg entry:
>
> 0.0.0.0     Website    # noconn nosslcert https3://www.website.com/
>
>
>
> I’ve tried other httpsX variants and no joy.  The result I get from the
> website test is the rather sparse “- SSL error”
>
>
>
> Digging into Xymonnet gives a more cryptic
>
>
>
> Unspecified SSL error in SSL_connect to https (47873/tcp) on host xx.xx.xx.xx: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
>
>
>
> I’m assuming the issue is around the version of OpenSSL, as the OpenSSL v1.1.1 beta version manages TLS1.3 whereas OpenSSL v1.1.0g does not.
>
>
>
> I have three questions:
>
> -          Is there a way of setting Xymon up to manage this monitoring?
>
> -          When is it planned to include OpenSSL v1.1.1 in a Xymon build?
>
> -          In the meantime, is it worth writing a simple script to test the HTTPS response I need and feed this to Xymon separately?
>
>
>
> Many thanks
>
>
>
> Martin Davies
>
>
>
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
>


-- 
Matthew Goebel : goebel at emunix.emich.edu : Unix Jockey @ EMU : Hail Eris
Neo-Student, Net Lurker, Donut consumer, and procrastinating medher...
 "Always with the negative waves, Moriarty" - Oddball
 "Comfort the troubled, and trouble the comfortable." - Dietrich Bonhoeffer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20200325/5d36a980/attachment.htm>

More information about the Xymon mailing list