Check Http Cannot Make Ssl Connection Error On Receive
Contents |
post Mon, 30/03/2015 - 10:47 #1 wuesten_fuchs Offline Last seen: 1 week 1 day ago Joined: 20.02.2014 - 21:16 check_http not working properly nagios http critical - error on receive with SSL option when only TLS is supported Hello, I am
Check_http Ssl
trying to use check_http for SSL web servers. It works for web servers that support at least
Check_https Nagios
still SSLv3 but fails on servers that do no longer support SSLv2 and SSLv3 and only TLSv1 and newer. Can you please update Nagwin to support such web
Nagios Plugins
servers? Thanks! Kai-Uwe Rommel Top reply Mon, 30/03/2015 - 13:30 #2 itefix Offline Last seen: 7 hours 14 min ago Joined: 01.05.2008 - 21:33 check_http we provide is a check_http we provide is a plain distribution from Nagios plugins. Can you give us working and non-working examples ? It may be related to the OpenSSL version. Top reply Mon, 30/03/2015 - 13:43 (Reply to #2) #3 wuesten_fuchs Offline Last seen: 1 week 1 day ago Joined: 20.02.2014 - 21:16 D:\Nagios\plugins>check_http D:\Nagios\plugins>check_http -H isaak.ars.de -p 38443 -u /webconsole/login -SHTTP OK: HTTP/1.1 200 OK - 26127 bytes in 0.332 second response time |time=0.331901s;;;0.0 D:\Nagios\plugins>check_http -H www.ars.de -p 443 -u /web -SCRITICAL - Cannot make SSL connectionHTTP CRITICAL - Error on receive The first host is an internal server here and it supports SSLv3 and TLS up to 1.2 and uses a self certified certificate. The second host is our official web server and only supports TLS 1.0 and TLS 1.2 and has a certificate issued by COMMODO. The same error happens with check_tcp as well. D:\Nagios\plugins>check_http --versioncheck_http v1.4.15 (nagios-plugins 1.4.15) Perhaps you need to switch to current plugins for your distribution? On http://nagios-plugins.org/ it says 2.0.3 is current ... The 1.4.15 does also not accept an argument to --ssl that newer version do support to select the protocol level. Top reply Mon, 30/
09:19 #1 Nachofw Offline Last seen: 2 months 3 weeks ago Joined: 01/17/2014 - 08:59 Posts: 35 check_http ssl error after an update on a web server i was checking with zenoss i receive https://www.itefix.net/content/checkhttp-not-working-properly-ssl-option-when-only-tls-supported the following error: CRITICAL - Cannot make SSL connection 1948:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:578: HTTP CRITICAL - Error on receive web server is now using tls 1.2 AES_128_GCM and ECDHE_RSA. so mi guess is that the check_http plugin http://www.zenoss.org/forum/9066 is outdated on the newest ciphers suites. command i run using zenoss 3.2.1 and 4.2.4. check_http -H
Next message: [Nagiosplug-help] check_interval threshold Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] Hi, I've upgraded https://nagios-plugins.org/archive/help/2010-January/005627.html the official nagios plugins from v1.4.13 to v1.4.14. Unfortunately, I've https://github.com/monitoring-plugins/monitoring-plugins/issues/1137 noticed that the check_http plugin reacts differently when using ssl. I suspect a bug in the new version of the check_http plugin (or may be a conflict between this version of check_http and the SSL library on 64bits OS, error on as I'm running it on Debian Lenny amd64). Hope you could validate that it's a bug or not. Do not hesitate to ask for some other tests or other information. Thanks in advance. Best regards, Yannick Following the execution of the 2 versions of the plugin in verbose mode: nagios error on receive at nagios3:/usr/local/nagios/libexec$ ls | grep check_http check_http1.4.14 check_http1.4.13 nagios at nagios3:/usr/local/nagios/libexec$ /usr/local/nagios/libexec/check_http1.4.14 -H xxx.xxx.xxx.xxx -p 1839 --ssl --url=/emd/main -w 15 -c 30 -v CRITICAL - Cannot make SSL connection 31203:error:140773F2:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert unexpected message:s23_clnt.c:578: GET /emd/main HTTP/1.1 User-Agent: check_http/v1.4.14 (nagios-plugins 1.4.14) Connection: close Host: xxx.xxx.xxx.xxx:1839 HTTP CRITICAL - Error on receive nagios at nagios3:/usr/local/nagios/libexec$ nagios at nagios3:/usr/local/nagios/libexec$ /usr/local/nagios/libexec/check_http1.4.13 -H xxx.xxx.xxx.xxx -p 1839 --ssl --url=/emd/main -w 15 -c 30 -v GET /emd/main HTTP/1.0 User-Agent: check_http/v2053 (nagios-plugins 1.4.13) Connection: close Host: xxx.xxx.xxx.xxx:1839 https://xxx.xxx.xxx.xxx:1839/emd/main is 330 characters STATUS: HTTP/1.1 200 OK **** HEADER **** Content-Type: text/html; charset=UTF-8 Connection: Close X-ORCL-EMSV: 10.1.0.6.0 X-ORCL-EMCT: 2010-01-05 18:34:14 Content-Length: 172 **** CONTENT ****
EMAgent10.1.0.6.0
Congratulations, EMAgent is working!
HTTP OK HTTP/1.1 200 OK - 330 bytes in 0.052 seconds |time=0.051621s;15.000000;30.000000;0.000000 size=330B;;;0 nagios at nagios3:/usr/local/nagios/libexec$ -------------- next part -------------- An HTML attachment was scrubbed... URL: Support Search GitHub This repository Watch 56 Star 278 Fork 163 monitoring-plugins/monitoring-plugins Code Issues 201 Pull requests 62 Projects 0 Wiki Pulse Graphs New issue Expanded SSL Version Selection; Example Use in check_http [sf#3612263] #1137 Closed monitoring-user opened this Issue Sep 24, 2013 · 3 comments Projects None yet Labels enhancement import patch Milestone No milestone Assignees No one assigned 3 participants monitoring-user commented Sep 24, 2013 Submitted by j-bern on 2013-04-30 12:38:02 I had a problem today which seems to have been reported in more or less similar fashion in the bug tracker several times: Misunderstandings between check_http and server implementations that do not support specific SSL/TLS versions. (In my case, the server is a web app running in a CentOS 6 Tomcat 7 and refuses standard check_http requests because of SSLv2 being enabled.) I noted that the current (1.4.16) options do not allow to disable SSLv2 but leave both SSLv3 and TLSv1 enabled - so I added negative values to do just that into sslutils.c and (as an example case) check_http.c. Note that I didn't guard against old OpenSSL versions which may not have the required options ... [root@nagios nagios-plugins-1.4.16b]# plugins/check_http --ssl $PARAMS CRITICAL - Cannot make SSL connection. 23666:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:583: [root@nagios nagios-plugins-1.4.16b]# for SSLVER in 3 2 1 -1 -2 -3 ; do plugins/check_http --ssl=$SSLVER $PARAMS 2>&1 | sed -e "s/^/$SSLVER /" ; done 3 HTTP OK: HTTP/1.1 200 OK - 338 bytes in 0,070 second response time |time=0,069910s;;;0,000000 size=338B;;;0 2 CRITICAL - Cannot make SSL connection. 1 HTTP OK: HTTP/1.1 200 OK - 338 bytes in 0,057 second response time |time=0,056833s;;;0,000000 size=338B;;;0 -1 CRITICAL - Cannot make SSL connection. -1 19823:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:583: -2 HTTP OK: HTTP/1.1 200 OK - 338 bytes in 0,061 second response time |time=0,061420s;;;0,000000 size=338B;;;0 -3 CRITICAL - Cannot make SSL connection. -3 19827:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:583: monitoring-user commented Sep 24, 2013 Added File: https://www.nagios-plugins.org/attachments/463009-NegSSLVers.patch Monitoring Plugins member waja commented Oct 1, 2013 This should