
#381 Expanded SSL Version Selection; Example Use in check_http

release-1.4.16
open
nobody
5
2013-04-30
2013-04-30
J. Bern
No

I had a problem today which seems to have been reported in more or less similar fashion in the bug tracker several times: Misunderstandings between check_http and server implementations that do not support specific SSL/TLS versions. (In my case, the server is a web app running in a CentOS 6 Tomcat 7 and refuses standard check_http requests because of SSLv2 being enabled.)

I noted that the current (1.4.16) options do *not* allow one to disable SSLv2 but leave *both* SSLv3 and TLSv1 enabled - so I added negative values to do just that into sslutils.c and (as an example case) check_http.c. Note that I didn't guard against old OpenSSL versions which may not have the required options ...

[root@nagios nagios-plugins-1.4.16b]# plugins/check_http --ssl $PARAMS
CRITICAL - Cannot make SSL connection.
23666:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:583:

[root@nagios nagios-plugins-1.4.16b]# for SSLVER in 3 2 1 -1 -2 -3 ; do plugins/check_http --ssl=$SSLVER $PARAMS 2>&1 | sed -e "s/^/$SSLVER /" ; done
3 HTTP OK: HTTP/1.1 200 OK - 338 bytes in 0,070 second response time |time=0,069910s;;;0,000000 size=338B;;;0
2 CRITICAL - Cannot make SSL connection.
1 HTTP OK: HTTP/1.1 200 OK - 338 bytes in 0,057 second response time |time=0,056833s;;;0,000000 size=338B;;;0
-1 CRITICAL - Cannot make SSL connection.
-1 19823:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:583:
-2 HTTP OK: HTTP/1.1 200 OK - 338 bytes in 0,061 second response time |time=0,061420s;;;0,000000 size=338B;;;0
-3 CRITICAL - Cannot make SSL connection.
-3 19827:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:583:

Discussion

  • J. Bern
    2013-04-30

    Patch (against 1.4.16)

     
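The version selection described in the ticket, as an added example that is not the patch attached here and not code from nagios-plugins: it maps each `--ssl` value to the set of protocols left enabled and reproduces the outcomes from the test loop above. The flag names, both function names, the use of 0 for plain `--ssl`, and the server model (it fails the handshake whenever SSLv2 is still enabled on the client) are assumptions made for the example.

```c
#include <stdio.h>

/* Hypothetical protocol flags for this example. A real plugin would turn the
 * disabled set into OpenSSL's SSL_OP_NO_SSLv2 / SSL_OP_NO_SSLv3 /
 * SSL_OP_NO_TLSv1 options on an auto-negotiating context. */
enum { P_TLSV1 = 1, P_SSLV2 = 2, P_SSLV3 = 4, P_ALL = 7 };

/* check_http 1.4.16 numbering: 1 = TLSv1, 2 = SSLv2, 3 = SSLv3. */
static int proto_bit(int n)
{
    switch (n) {
    case 1:  return P_TLSV1;
    case 2:  return P_SSLV2;
    case 3:  return P_SSLV3;
    default: return 0;
    }
}

/* Protocols left enabled for --ssl=VERSION, or -1 for an unknown value.
 * 0 stands for plain --ssl, N > 0 pins protocol N, N < 0 disables only |N|. */
int enabled_protocols(int version)
{
    int bit;

    if (version == 0)
        return P_ALL;
    bit = proto_bit(version < 0 ? -version : version);
    if (bit == 0)
        return -1;
    return version > 0 ? bit : (P_ALL & ~bit);
}

/* Constructed model of the server in the ticket: the handshake fails
 * whenever the client still has SSLv2 enabled. */
int server_accepts(int enabled)
{
    return enabled > 0 && !(enabled & P_SSLV2);
}

int main(void)
{
    static const int versions[] = { 0, 3, 2, 1, -1, -2, -3 };
    size_t i;

    for (i = 0; i < sizeof versions / sizeof versions[0]; i++)
        printf("--ssl=%d -> %s\n", versions[i],
               server_accepts(enabled_protocols(versions[i])) ? "OK" : "CRITICAL");
    return 0;
}
```

Only `-2` keeps auto-negotiation between SSLv3 and TLSv1 while dropping SSLv2, which is the combination the positive values cannot express.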