Martin,
There is an option for xymonnet to enable SNI - here's my tasks.cfg snippet - see man xymonnet
[xymonnet]
	ENVFILE /home/xymon/server/etc/xymonserver-net.cfg
	NEEDS xymond
	CMD xymonnet --report --ping --checkresponse --bb-proxy-syntax --sni=on --timeout=20 --sslkeysize=2048
	LOGFILE $XYMONSERVERLOGS/xymonnet.log
	INTERVAL 5m
Hi Xymon community,
I'm getting a bunch of SSL Error alerts on some websites.
Here is one example:
https://kct-uat.agriculture.vic.gov.au/
If I add this to xymon, I get:
Thu Nov 3 03:50:38 2016: SSL error red https://kct-uat.agriculture.vic.gov.au/- SSL error
I did some digging through the xymon archives and openssl errors and found this:
http://lists.xymon.com/archive/2013-January/036688.html
and this:
http://stackoverflow.com/questions/24457408/openssl-command-to-check-if-a-se...
so when I run this command from my Xymon server I get the 104 error:
openssl s_client -connect kct-uat.agriculture.vic.gov.au:443
CONNECTED(00000003)
write:errno=104
no peer certificate available
No client certificate CA names sent
SSL handshake has read 0 bytes and written 247 bytes
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
But if I add the SNI, I get a nice connection:
openssl s_client -connect kct-uat.agriculture.vic.gov.au:443 -servername kct-uat.agriculture.vic.gov.au
CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert High Assurance EV Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert SHA2 High Assurance Server CA
verify return:1
depth=0 C = AU, ST = Victoria, L = Melbourne, O = "Department of Economic Development, Jobs Transport and Resources", CN = *.agriculture.vic.gov.au
verify return:1
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1.2
    Cipher : ECDHE-RSA-AES256-SHA384
    Session-ID: DC460000EC412D00D689C7E10DF575272E026FF475153A6367229629D79D15CF
    Session-ID-ctx:
    Master-Key: 0EE96C944F5746D3524A17580FD7907716FBA724C1B8909CA96430C2F7262EC469CD9CBD1D25A6ADDB791A6E45AAAB76
    Key-Arg : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1478145325
    Timeout : 300 (sec)
    Verify return code: 0 (ok)
But now I'm not sure what to do next... Any ideas?
Thanks,
Martin.
Department of Economic Development, Jobs, Transport and Resources, Government of Victoria, Victoria, Australia.
-- 
David Baldwin - Senior Systems Administrator (Datacentres + Networks)
Digital Information Management and Technology
Australian Sports Commission http://ausport.gov.au
Tel 02 62147830 Fax 02 62141830
PO Box 176 Belconnen ACT 2616
david.baldwin at ausport.gov.au
1 Leverrier Street Bruce ACT 2617
Our Values: RESPECT + INTEGRITY + TEAMWORK + EXCELLENCE