sslv3 error while testing https
list Rolf Schrittenlocher
Dear all, we disabled for security reasons sslv3 in apache. Since then xymon complains about not being able to negotiate sslv3 and goes read with an ssl error. https://lists.xymon.com/archive/2014-December/040782.html shows that with bbtest-net could specificate which ssl version to use. This doesn't seem to be possible with xymon. Any hints how to test https correctly without sslv3? We are using xymon 4.3.17, Thanks Rolf
list Mike Burger
▸
On 2020-05-20 06:30, Schrittenlocher, Rolf wrote:
Dear all, we disabled for security reasons sslv3 in apache. Since then xymon complains about not being able to negotiate sslv3 and goes read with an ssl error. https://lists.xymon.com/archive/2014-December/040782.html shows that with bbtest-net could specificate which ssl version to use. This doesn't seem to be possible with xymon. Any hints how to test https correctly without sslv3? We are using xymon 4.3.17,
Hello, Rolf. I recently came across the same issue when one of the sites I monitor did the same. My Google searches lead to the possiblity of doing one of two things: 1) Modify the xymonnet call in tasks.cfg to include --sni (the default is --nosni) 2) Add "sni" to the site's entry in hosts.cfg (adding this to the hosts.cfg overrides the default behavior and/or the behavior as configured in tasks.cfg, for the host entry in question). I employed #2 and it cleared up the problem for me. -- Mike Burger http://www.bubbanfriends.org "It's always suicide-mission this, save-the-planet that. No one ever just stops by to say 'hi' anymore." --Colonel Jack O'Neill, SG1
list Rolf Schrittenlocher
Thank you Mike, we tried both hints in vain. The last hint we found then was compiling xymon with a newer version of openssl. We'll try that one, greetings Rolf
▸
Von: Mike Burger <user-cc5c6e80f4c5@xymon.invalid>
Gesendet: Donnerstag, 21. Mai 2020 17:07
An: Schrittenlocher, Rolf
Cc: xymon at xymon.com; Lokalsystem: IT
Betreff: Re: [Xymon] sslv3 error while testing https
On 2020-05-20 06:30, Schrittenlocher, Rolf wrote:Dear all, we disabled for security reasons sslv3 in apache. Since then xymon complains about not being able to negotiate sslv3 and goes read with an ssl error. https://lists.xymon.com/archive/2014-December/040782.html shows that with bbtest-net could specificate which ssl version to use. This doesn't seem to be possible with xymon. Any hints how to test https correctly without sslv3? We are using xymon 4.3.17,
Hello, Rolf. I recently came across the same issue when one of the sites I monitor did the same. My Google searches lead to the possiblity of doing one of two things: 1) Modify the xymonnet call in tasks.cfg to include --sni (the default is --nosni) 2) Add "sni" to the site's entry in hosts.cfg (adding this to the hosts.cfg overrides the default behavior and/or the behavior as configured in tasks.cfg, for the host entry in question). I employed #2 and it cleared up the problem for me. -- Mike Burger http://www.bubbanfriends.org "It's always suicide-mission this, save-the-planet that. No one ever just stops by to say 'hi' anymore." --Colonel Jack O'Neill, SG1