On 2023-11-08 13:14, Ingeborg Hellemo via Xymon wrote:
tom at 4schmidts.com said:
HTTP/2 support is currently not in xymon, including in the 4.4alpha1development tree. I did a little testing, and sites like google that support HTTP/2 still pass the xymonnet checks as seen below:
As you pointed out HTTP/2 is not part of the equation. (We turned it off completely on the server just to be sure).
But I'm not any closer to resolving the issue. As I said, webpage in browser - no errors, curl - no errors, 'openssl s_client' no errors.
~/server/bin/xymonnet --debug --no-update <servername>
35422 2023-11-08 13:06:06.168385 1 status messages merged into 1 transmissions Address=[IP]:443, open=1, res=0, err=5, connecttime=0.000303, totaltime=0.002631, httpstatus = -5, open=1, errcode=5, parsestatus=0 Response: (no headers) URL : https://<servername>/ HTTP status : -5 HTTP headers (NULL) HTTP output (NULL)
Any ideas?
Anything in your xymonnet.log file? I just got the same error, after upgrading my xymon server from FreeBSD 13.2 to 14.0. Turns out that OpenSSl 3.0, which is included in FreeBSD 14.0 doesn't support TLS 1.0 out-of-the-box. My old switches only support TLS 1.0.
The xymonnet.log have these entries:
2023-12-15 21:03:49.454627 Unspecified SSL error in SSL_connect to https (47873/tcp) on host 192.168.1x1.2x3: error:0A000152:SSL routines::unsafe legacy renegotiation disabled
Of course, if your test tools use the same OpenSSL library as xymon, they ought fail as well, but it sounds like an incompatible cipher issue.
-- Med venlig hilsen - Sincerely Uffe R. B. Andersen - mailto:urb at twe.net http://blog.andersen.nu/
participants (1)
-
urb@twe.net