[Xymon] ssl errors since updating from 4.3.12 to 4.3.16 with openssl 1.0.1
John Thurston
john.thurston at alaska.gov
Fri Feb 14 21:00:48 CET 2014
Since updating one of my xymon servers from 4.3.12 to 4.3.16, I have
been seeing a lot of flapping on https tests to several tomcat servers.
These failures are accompanied by lines in xymonnet.log of the form:
> Unspecified SSL error in SSL_connect to 8443/tcp on host 10.203.10.42: error:00000000:lib(0):func(0):reason(0)
I've just noticed that:
4.3.12 was built with openssl 0.9.8w
4.3.16 was built with openssl 1.0.1e
These hosts were reporting well on the 4.3.12 instance of this Xymon
server. They are still reporting well on my other (4.3.12) server. This
appears, to me, to be a failure at establishing an SSL connection so I
strongly suspect a difference in openssl behavior is the cause.
The flapping does not appear to be occurring with https checks against
my apache web servers, nor against my IIS web servers. Only against
instances of tomcat.
I'm going to go explore the differences between 0.9.8 and 1.0.1. My
hypothesis is the cause is a change in cipher lists with 1.0.1. Has
anyone else already seen these failures and found the cause?
--
Do things because you should, not just because you can.
John Thurston 907-465-8591
John.Thurston at alaska.gov
Enterprise Technology Services
Department of Administration
State of Alaska
More information about the Xymon
mailing list