Since updating one of my xymon servers from 4.3.12 to 4.3.16, I have been seeing a lot of flapping on https tests to several tomcat servers. These failures are accompanied by lines in xymonnet.log of the form:

Unspecified SSL error in SSL_connect to 8443/tcp on host 10.203.10.42: error:00000000:lib(0):func(0):reason(0)

I've just noticed that: 4.3.12 was built with openssl 0.9.8w 4.3.16 was built with openssl 1.0.1e

These hosts were reporting well on the 4.3.12 instance of this Xymon server. They are still reporting well on my other (4.3.12) server. This appears, to me, to be a failure at establishing an SSL connection so I strongly suspect a difference in openssl behavior is the cause.

The flapping does not appear to be occurring with https checks against my apache web servers, nor against my IIS web servers. Only against instances of tomcat.

I'm going to go explore the differences between 0.9.8 and 1.0.1. My hypothesis is the cause is a change in cipher lists with 1.0.1. Has anyone else already seen these failures and found the cause?

-- Do things because you should, not just because you can.

John Thurston 907-465-8591 John.Thurston at alaska.gov Enterprise Technology Services Department of Administration State of Alaska