small medium large xlarge

Stephen-viles_pragsmall
21 Apr 2016, 08:50
Stephen Viles (3 posts)

On page 49 of the PDF, Nagios command check_tomcat_https contains --ssl=3 which forces the use of SSLv3:

vagrant@monitor:~$ /usr/lib/nagios/plugins/check_http --help
check_http v1.4.16 (nagios-plugins 1.4.16)
...
 -S, --ssl=VERSION
    Connect via SSL. Port defaults to 443. VERSION is optional, and prevents
    auto-negotiation (1 = TLSv1, 2 = SSLv2, 3 = SSLv3).

SSLv3 is no longer secure and causes the check to fail:

CRITICAL - Cannot make SSL connection. 3073840776:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:340:

The check will pass if you either remove =3 (to allow auto-negotiation) or change =3 to =1

You must be logged in to comment