Have you tried adding the keyword "sni" to the end of the host line in the hosts.cfg?
Thanks, JT
From: Scott Post <sjpostsr at gmail.com>
To: xymon at xymon.com
Date: 05/01/18 04:03
Subject: [Xymon] SSL Error
Sent by: "Xymon" <xymon-bounces at xymon.com>
One of the websites that I am trying to monitor moved to a new site from http to https.
Upon changing it in Xymon, I am now getting an SSL error.
Server Info:
Ubuntu 16.04
Xymon 4.3.25-1
Openssl Version: OpenSSL 1.0.2g 1 Mar 2016
Xymonnet
xymonnet version 4.3.25
SSL library : OpenSSL 1.0.2f 28 Jan 2016
LDAP library: OpenLDAP 20442
Error output:
Unspecified SSL error in SSL_connect to https (47873/tcp) on host x.x.x.x: error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
I have tried using different combinations in the hosts.cfg:
httpsc://
httpst://
--sni
--no-ssl
From the Xymon server, if I run the command: openssl s_client -connect weburl:443, I get the errors:
CONNECTED(00000003)
140008606660248:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:
no peer certificate available
No client certificate CA names sent
SSL handshake has read 7 bytes and written 305 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol : TLSv1.2
    Cipher : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1515083787
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
trying: openssl s_client -connect weburl:443 -servername weburl
CONNECTED(00000003)
depth=3 C = US, O = "The Go Daddy Group, Inc.", OU = Go Daddy Class 2 Certification Authority
verify return:1
depth=2 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", CN = Go Daddy Root Certificate Authority - G2
verify return:1
depth=1 C = US, ST = Arizona, L = Scottsdale, O = "GoDaddy.com, Inc.", OU = http://certs.godaddy.com/repository/, CN = Go Daddy Secure Certificate Authority - G2
verify return:1
depth=0 OU = Domain Control Validated, CN = weburl
verify return:1
Certificate chain
 0 s:/OU=Domain Control Validated/CN=weburl
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU= http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU= http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
 2 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
   i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=/OU=Domain Control Validated/CN=weburl
issuer=/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU= http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
SSL handshake has read 4411 bytes and written 458 bytes
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol : TLSv1.2
    Cipher : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 31590AD5C7EC70D6738AE51265DE3B3351503E280EDC0F147616E93CEA374BE3
    Session-ID-ctx:
    Master-Key: FE4C481FDFEDC7933F5732859AEA6E6840848A8633E04BA4AA454ED256942E401846033109F1E9AA73534EA2B3261531
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    TLS session ticket lifetime hint: 10800 (seconds)
    TLS session ticket:
Start Time: 1515083843
Timeout : 300 (sec)
Verify return code: 0 (ok)
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon
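
Added example, not part of the original thread: the two s_client runs above differ only in -servername, and comparing them is what points to SNI. The sketch below makes that comparison over abridged, constructed copies of the two transcripts; the function names and result labels are assumptions of this example.

```python
import re

# Constructed samples, abridged from the two s_client runs quoted in the thread.
NO_SNI = """CONNECTED(00000003)
140008606660248:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:769:
no peer certificate available
SSL handshake has read 7 bytes and written 305 bytes
New, (NONE), Cipher is (NONE)
"""
WITH_SNI = """CONNECTED(00000003)
SSL handshake has read 4411 bytes and written 458 bytes
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Verify return code: 0 (ok)
"""

def summarize(transcript):
    """Pull out the fields that separate a completed handshake from an aborted one."""
    read = re.search(r"SSL handshake has read (\d+) bytes", transcript)
    cipher = re.search(r"Cipher is (\S+)", transcript)
    alert = re.search(r"(?:sslv3|tlsv1) alert ([a-z ]+?)(?::|$)", transcript, re.M)
    negotiated = cipher.group(1) if cipher else "(NONE)"
    return {
        "connected": "CONNECTED(" in transcript,
        # 7 bytes read is a lone TLS alert record: 5-byte header + level + description.
        "bytes_read": int(read.group(1)) if read else 0,
        "cipher": None if negotiated == "(NONE)" else negotiated,
        "alert": alert.group(1).strip() if alert else None,
    }

def diagnose(without_sni, with_sni):
    """Compare a run without -servername against a run with it."""
    a, b = summarize(without_sni), summarize(with_sni)
    if not a["connected"] and not b["connected"]:
        return "tcp-unreachable"
    if a["cipher"] and b["cipher"]:
        return "sni-not-required"
    if b["cipher"] and not a["cipher"]:
        return "sni-required"
    return "handshake-fails-regardless"

if __name__ == "__main__":
    print(summarize(NO_SNI))
    print(diagnose(NO_SNI, WITH_SNI))
```

A "sni-required" result corresponds to the case where the "sni" keyword suggested in the reply is worth trying on the hosts.cfg line.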