Thank you. The Sni has worked.
Martin
From: Matthew Goebel <user-15cc4fabfae6@xymon.invalid>
Sent: 25 March 2020 13:16
To: user-a3e8c15f1d86@xymon.invalid
Cc: xymon at xymon.com
Subject: Re: [Xymon] Monitoring websites using TLS1.3
Try adding sni to your hosts.cfg line for that server.
Matt
On Wed, Mar 25, 2020 at 8:45 AM <user-a3e8c15f1d86@xymon.invalid <mailto:user-a3e8c15f1d86@xymon.invalid> > wrote:
I?m trying to monitor a website that is operated on part of Cloudflare?s setup and I am failing to get a positive result. The website uses TLS1.3 and Xymonnet tells me that it was built USING OpenSSL v 1.1.0g (Xymon version 4.3.28) which only handles TLS variants 1.0, 1.1, and 1.2.
I?m monitoring the server using the hosts.cfg entry:
0.0.0.0 Website # noconn nosslcert https3://www.website.com/ <http://www.website.com/>;
I?ve tried other httpsX variants and no joy. The result I get from the website test is the rather sparse ?- SSL error?
Digging into Xymonnet gives a more cryptic
Unspecified SSL error in SSL_connect to https (47873/tcp) on host xx.xx.xx.xx: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
I?m assuming the issue is around the version of OpenSSL, as the OpenSSL v1.1.1 beta version manages TLS1.3 whereas OpenSSL v1.1.0g does not.
I have three questions:
- Is there a way of setting Xymon up to manage this monitoring?
- When is it planned to include OpenSSL v1.1.1 in a Xymon build?
- In the meantime, is it worth writing a simple script to test the HTTPS response I need and feed this to Xymon separately?
Many thanks
Martin Davies
--
Matthew Goebel : user-74d13dabeb26@xymon.invalid <mailto:user-74d13dabeb26@xymon.invalid> : Unix Jockey @ EMU : Hail Eris
Neo-Student, Net Lurker, Donut consumer, and procrastinating medher...
"Always with the negative waves, Moriarty" - Oddball
"Comfort the troubled, and trouble the comfortable." - Dietrich Bonhoeffer