[Nagiosplug-devel] FW: [Nagios-checkins] SSL error for NRPE

Arnold Wang awang at qrs.com
Fri Aug 13 14:30:07 CEST 2004


Here is the output, which is beyond me to interpret.
[root at rcarhld01 /]# openssl s_client -connect rcaaixd02:5666 -debug
CONNECTED(00000003)
write to 080AD2F8 [080AD340] (142 bytes => 142 (0x8E))
0000 - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00   ......c... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5............
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00   ..3..2../.....f.
0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00   .............c..
0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40   b..a...........@
0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00   ..e..d..`.......
0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 d1 1c   ................
0070 - cc d9 8f 5d 03 e5 47 6f-03 87 0d d3 4b 9c b7 49   ...]..Go....K..I
0080 - 99 1e 4d a1 d7 88 b8 42-cb 2e 28 a9 c5 be         ..M....B..(...
read from 080AD2F8 [080B28A0] (7 bytes => 0 (0x0))
15787:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:226:

The following is the output when I run nrpe -d on the remote host.
[root at rcarhld01 libexec]# openssl s_client -connect rcaaixd02:5666 -debug
CONNECTED(00000003)
write to 080AD2F8 [080AD340] (142 bytes => 142 (0x8E))
0000 - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00   ......c... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0   8..5............
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00   ..3..2../.....f.
0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00   .............c..
0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40   b..a...........@
0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00   ..e..d..`.......
0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 e4 c0   ................
0070 - de c2 fd f6 10 55 22 dc-3d fc d2 40 e3 4b db 60   .....U".=.. at .K.`
0080 - 6d d6 35 30 4b 05 50 58-71 e0 47 e1 d6 ec         m.50K.PXq.G...
read from 080AD2F8 [080B28A0] (7 bytes => 7 (0x7))
0000 - 15 03 01 00 02 02 28                              ......(
16818:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
handshake failure:s23_clnt.c:470:
-----Original Message-----
From: Tim Brazil [mailto:brazil at sendmail.com] 
Sent: Friday, August 13, 2004 2:11 PM
To: Arnold Wang
Cc: nagiosplug-devel at lists.sourceforge.net
Subject: Re: [Nagiosplug-devel] FW: [Nagios-checkins] SSL error for NRPE

The way you may be able to figure it out is via debug output from 
openssl s_client. Make sure your client and server share the same cyphers

/usr/bin/openssl s_client -connect <yourhost>:5666 -debug


Arnold Wang wrote:

> I posted the following message to the checkins list and haven't 
> received any response yet, I hope I can get some helps here.
>
> ------------------------------------------------------------------------
>
> *From:* Arnold Wang
> *Sent:* Friday, August 13, 2004 11:51 AM
> *To:* nagios-checkins at lists.sourceforge.net
> *Subject:* [Nagios-checkins] SSL error for NRPE
>
> I received the following error "CHECK_NRPE: Error - Could not complete 
> SSL handshake." when I tried to run check_nrpe from the monitoring 
> host. The monitoring host is running RedHat Enterprise 3.0 and the 
> monitored host is running AIX 5.3. The problem only happens if I run 
> nrpe in inetd mode. If I run nrpe as a separate daemon, with -d 
> option, it's working fine.
>
> Thanks in advance for your help.
>






More information about the Devel mailing list