Just a thought: Do you have all your CA certs in the right place??
Ralph Mitchell
On Mon, Sep 17, 2012 at 4:40 PM, Michael Gallen
<user-6c5d8fa37900@xymon.invalid>wrote:
Hi All
I need help resolving OpenSSL errors for some internal and some public
https sites.
I am migrating from Hobbit 4.2.0 on CentOS 5.5 to Xymon 4.3.9 on CentOS
6.2
Everything works fine on CentOS 5.5 but on CentOS 6.2 we get SSL errors
for some of our https sites.
Some https sites test ok, others always fail.
Hobbit uses openssl 0.9.8e-12.el5_5.7
Xymon uses openssl 1.0.0-25.el6_3.1
The error also displays when testing with wget and openssl –debug, please
see below..
[xymon at xymon server]$ wget https://wiki.local.com
--2012-09-17 16:19:45-- https://wiki.local.com/
Resolving wiki.avotuscorp.com... 10.12.0.61
Connecting to wiki.local.com|10.12.0.61|:443... connected.
OpenSSL: error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
unexpected message
Unable to establish SSL connection.
[xymon at xymon server]$ openssl s_client -connect wiki.local.com:443 -state
-debug
CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0x89dcab0 [0x8a13ac8] (113 bytes => 113 (0x71))
0000 - 16 03 01 00 6c 01 00 00-68 03 01 50 57 86 8f 01 ....l...h..PW...
0010 - 39 d7 67 bc af ad dd 03-01 44 c8 f7 ca 43 0e 69 9.g......D...C.i
0020 - bf dc 31 da 0b 44 c8 2f-5a 5c 57 00 00 3a 00 39 ..1..D./Z\W..:.9
0030 - 00 38 00 88 00 87 00 35-00 84 00 16 00 13 00 0a .8.....5........
0040 - 00 33 00 32 00 9a 00 99-00 45 00 44 00 2f 00 96 .3.2.....E.D./..
0050 - 00 41 00 05 00 04 00 15-00 12 00 09 00 14 00 11 .A..............
0060 - 00 08 00 06 00 03 00 ff-02 01 00 00 04 00 23 ..............#
0071 - <SPACES/NULS>
SSL_connect:SSLv2/v3 write client hello A
read from 0x89dcab0 [0x8a19028] (7 bytes => 7 (0x7))
0000 - 15 03 01 00 02 02 0a .......
SSL3 alert read:fatal:unexpected_message
SSL_connect:error in SSLv2/v3 read server hello A
3077838572:error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
unexpected message:s23_clnt.c:674:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 113 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
Thanks for any help
*Michael*
Disclaimer: This email message and any attachments are for the sole use of
the intended recipient(s) and may contain information that is confidential,
legally privileged or otherwise exempt from disclosure under applicable
law. If you are not the intended recipient(s) or have received this message
in error, you are instructed to immediately notify the sender by return
email and required to delete this message from your computer system. This
communication does not form any contractual obligation on behalf of the
sender, the sender's employer or such employer's parent company, affiliates
or subsidiaries.