On Wed, November 1, 2023 07:53, Axel Beckert wrote:
Hi,
On Wed, Nov 01, 2023 at 02:21:04PM +0100, Ingeborg Hellemo via Xymon wrote:
I have a webserver which works ok when you visit it in a browser or when you use curl, but Xymon http test shows "SSL error". Tests with "openssl s_client" from the command line works as expected.
Could the culprit be that xymonnet does not support HTTP/2 ?
I don't think so. It's probably more an issue of incompatible ciphers or so. Or is that an HTTP/2-only server? So far I'm also not aware of any HTTP/2 only (production) web server. Maybe this will come in the future.
But yeah, as far as I know, xymonnet does not support HTTP/2 ??? nor HTTP/3. Then again, it might be possible to implement a minimal client via protocols.cfg hex syntax like with e.g. ajp13 or rdp. But if the handshake needs anything outside the standard TLS handshake (and I'm not that versed in HTTP/2), it will not work.
And indeed, builtin xymonnet support for HTTP/2 and HTTP/3 would be nice, especially if you could monitor the availability of protocol versions separately (like for HTTPS and HTTP). But I suspect this would need an 3rd party library like curl or nghttp2 to be used.
A basic http/2 check really would be useful, but agreed I wouldn't want to add in another library unless, like with openldap, it's just too complex to do otherwise. I haven't looked into the binary header packing involved too much. This was another backburnered item on the list, but if there's demand for /2 testing specifically then it should be bumped up.
-jc