[Nagiosplug-devel] FW: [Nagios-checkins] SSL error for NRPE
Arnold Wang
awang at qrs.com
Fri Aug 13 14:30:07 CEST 2004
Here is the output, which is beyond me to interpret.
[root at rcarhld01 /]# openssl s_client -connect rcaaixd02:5666 -debug
CONNECTED(00000003)
write to 080AD2F8 [080AD340] (142 bytes => 142 (0x8E))
0000 - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00 ......c... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5............
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00 ..3..2../.....f.
0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00 .............c..
0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40 b..a...........@
0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00 ..e..d..`.......
0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 d1 1c ................
0070 - cc d9 8f 5d 03 e5 47 6f-03 87 0d d3 4b 9c b7 49 ...]..Go....K..I
0080 - 99 1e 4d a1 d7 88 b8 42-cb 2e 28 a9 c5 be ..M....B..(...
read from 080AD2F8 [080B28A0] (7 bytes => 0 (0x0))
15787:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake
failure:s23_lib.c:226:
The following is the output when I run nrpe -d on the remote host.
[root at rcarhld01 libexec]# openssl s_client -connect rcaaixd02:5666 -debug
CONNECTED(00000003)
write to 080AD2F8 [080AD340] (142 bytes => 142 (0x8E))
0000 - 80 8c 01 03 01 00 63 00-00 00 20 00 00 39 00 00 ......c... ..9..
0010 - 38 00 00 35 00 00 16 00-00 13 00 00 0a 07 00 c0 8..5............
0020 - 00 00 33 00 00 32 00 00-2f 03 00 80 00 00 66 00 ..3..2../.....f.
0030 - 00 05 00 00 04 01 00 80-08 00 80 00 00 63 00 00 .............c..
0040 - 62 00 00 61 00 00 15 00-00 12 00 00 09 06 00 40 b..a...........@
0050 - 00 00 65 00 00 64 00 00-60 00 00 14 00 00 11 00 ..e..d..`.......
0060 - 00 08 00 00 06 04 00 80-00 00 03 02 00 80 e4 c0 ................
0070 - de c2 fd f6 10 55 22 dc-3d fc d2 40 e3 4b db 60 .....U".=.. at .K.`
0080 - 6d d6 35 30 4b 05 50 58-71 e0 47 e1 d6 ec m.50K.PXq.G...
read from 080AD2F8 [080B28A0] (7 bytes => 7 (0x7))
0000 - 15 03 01 00 02 02 28 ......(
16818:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
handshake failure:s23_clnt.c:470:
-----Original Message-----
From: Tim Brazil [mailto:brazil at sendmail.com]
Sent: Friday, August 13, 2004 2:11 PM
To: Arnold Wang
Cc: nagiosplug-devel at lists.sourceforge.net
Subject: Re: [Nagiosplug-devel] FW: [Nagios-checkins] SSL error for NRPE
The way you may be able to figure it out is via debug output from
openssl s_client. Make sure your client and server share the same cyphers
/usr/bin/openssl s_client -connect <yourhost>:5666 -debug
Arnold Wang wrote:
> I posted the following message to the checkins list and haven't
> received any response yet, I hope I can get some helps here.
>
> ------------------------------------------------------------------------
>
> *From:* Arnold Wang
> *Sent:* Friday, August 13, 2004 11:51 AM
> *To:* nagios-checkins at lists.sourceforge.net
> *Subject:* [Nagios-checkins] SSL error for NRPE
>
> I received the following error "CHECK_NRPE: Error - Could not complete
> SSL handshake." when I tried to run check_nrpe from the monitoring
> host. The monitoring host is running RedHat Enterprise 3.0 and the
> monitored host is running AIX 5.3. The problem only happens if I run
> nrpe in inetd mode. If I run nrpe as a separate daemon, with -d
> option, it's working fine.
>
> Thanks in advance for your help.
>
More information about the Devel
mailing list