[Xymon] [xymon] TLSv1 support for https?

Japheth Cleaver cleaver at terabithia.org
Sun Dec 8 21:29:17 CET 2013



On Sun, December 8, 2013 6:36 am, Gore, David W (David) wrote:
> JC, are you implying the server is misconfigured and ssllabs would tell me
> why?  Regardless, it's on the intranet and not publicly accessible not
> that it is a server in my realm of control anyway.   We too just upgraded
> to RedHat 6.5 and I was thinking I could roll-back the SSL libraries to a
> previous release although that is less than appealing.


Well, sort of, yes :)

If a simple 'openssl s_client -connect my.ip.addr:443' hangs (as it did in
our case, from any 6.5 or Fedora 19 box), then anything that's doing TLS
handshaking the same way will have the same problems. xymonnet brought it
to light, but as more and more clients start being more strict about TLS
(and cipher lists) I wouldn't be surprised if more things break in the
future.

Rolling back the openssl lib should (have) work(ed), but there's a bit of
a difference in how RPM was tagging them in x86_64 builds and that would
have required lots of other packages to be swapped out as well for us.

Also, FTR, it's not the RHEL bug indicated here:
https://bugzilla.redhat.com/show_bug.cgi?id=1022468 We had the same
problem with openssl-1.0.1e-15 and -16.


Regards,

-jc




More information about the Xymon mailing list