ssl version problem
From: Mark F.
Subject: ssl version problem
Date: 30 Jan 2003 09:21:14 -0800
I have an ssl test that is not working, maybe a bug since this part of
the code is so new.
I have set up monit on a Red Hat 7.1 system. The openssl is the latest
provided by RH on their errata page (openssl-0.9.6-13 RPM).
Here is the relevant part of my .monitrc file
==>
check rrp with pidfile /var/run/rrps-cc.pid
start program = "/etc/init.d/rrp start"
stop program = "/etc/init.d/rrp stop"
port 648 type TCPSSL
mode passive
# using value supplied by
# openssl x509 -fingerprint -in /usr/local/rrp/certs/rrp.enic.cc.cer
certmd5 26-D2-6B-96-29-88-19-68-51-35-AF-5C-C2-D5-01-07
timeout(5,5)
<==
Here is the log output showing the test failing
==>
[PST Jan 30 09:09:04] 'rrp' succeeded connecting to INET[localhost:648]
[PST Jan 30 09:09:04] monit: Openssl syscall error during
embed_ssl_socket(): Connection reset by peer!
[PST Jan 30 09:09:04] 'rrp' failed establish SSL communication on socket
at INET[localhost:648]
<==
To get right down to it, I think the problem has to do with what version
of the ssl protocol is being used for the check.
For example:
openssl s_client -connect localhost:648 -bugs <--FAILS
openssl s_client -connect localhost:648 -bugs -ssl2 <--FAILS
openssl s_client -connect localhost:648 -bugs -ssl3 <--WORKS!
openssl s_client -connect localhost:648 -bugs -tls1 <--FAILS
So is there a way to force version 3 on the monit test? Maybe this can
be controlled in the /usr/local/ssl/openssl.cnf file, but I didn't see
it there.
I'm glad to provide a trace if anyone cares to see it.
Thanks.
Mark
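
The four s_client checks from the message above, wrapped into a repeatable probe that tabulates which protocol settings an endpoint accepts. This is an added example, not part of the original post or of monit; the function names and the OPENSSL_BIN override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: repeat the poster's s_client checks and classify each one.
# OPENSSL_BIN is a hypothetical override so the probe can be stubbed in tests.
OPENSSL_BIN=${OPENSSL_BIN:-openssl}

# probe_one TARGET [FLAG] -> prints WORKS, FAILS or UNSUPPORTED
probe_one() {
    target=$1
    pflag=$2
    # stdin from /dev/null makes s_client exit once the handshake is done
    # instead of waiting for input; -bugs matches the commands in the post.
    # Only stderr is captured; the session dump on stdout is discarded.
    if err=$("$OPENSSL_BIN" s_client -connect "$target" -bugs $pflag \
                 </dev/null 2>&1 >/dev/null); then
        echo WORKS
    else
        case $err in
            # Assumption: a build without this protocol rejects the flag
            # with a message containing "unknown option".
            *[Uu]nknown\ option*) echo UNSUPPORTED ;;
            *) echo FAILS ;;
        esac
    fi
}

# probe_versions TARGET -> one "setting result" line per protocol setting,
# in the same order as the post: default, -ssl2, -ssl3, -tls1
probe_versions() {
    for flag in "" -ssl2 -ssl3 -tls1; do
        printf '%s %s\n' "${flag:-default}" "$(probe_one "$1" "$flag")"
    done
}

# Usage: probe_versions localhost:648
```

A server that answers WORKS for exactly one setting, as in the post, points to a protocol version mismatch rather than a certificate or network problem. UNSUPPORTED means the local openssl binary cannot test that version at all, which says nothing about the server.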