Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-9879

https monitoring breaks when TLS V1.0 protocol disallowed

    XMLWordPrintable

    Details

      Description

      Agent checks for net.tcp.service[https...] as well as web scenarios broke when target server was reconfigured to disallow TLS V1.0 protocol (forcing TLS 1.1, 1.2). Web scenario reports error message "SSL connect error: Encountered end of file".

      Underlying issue with curl (shell command) attempting to connect to same URL generates "NSS error -5938 (PR_END_OF_FILE_ERROR)" and error 35, but forcing protocol with '--tlsv1.1' option does connect happily. However, no way to do this in UI, and it's not clear why current implementation won't negotiate >= 1.1 since it's capable.

        Attachments

        1. curl-7.19.7-46-nss_ssl_default_range_fix.patch
          0.4 kB
          MATSUDA Daiki
        2. server.py
          1 kB
          Andrejs Tumilovics
        3. zabbix-2.0.16-add-tlsv1.x-option.patch
          2 kB
          MATSUDA Daiki
        4. zabbix-2.0.16-force-tlsv1.x.patch
          1 kB
          MATSUDA Daiki

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            kmp K. M. Peterson
            Votes:
            23 Vote for this issue
            Watchers:
            31 Start watching this issue

              Dates

              Created:
              Updated: