[ZBX-8003] SSL connect error (Debian 7 Wheezy) Created: 2014 Mar 31  Updated: 2017 May 30  Resolved: 2014 Mar 31

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: Server (S)
Affects Version/s: None
Fix Version/s: None

Type: Incident report Priority: Major
Reporter: Erik Hulsmann Assignee: Unassigned
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Ubuntu Intrepid install of Zabbix (1.6.1) and curl (7.18.2 (i486-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.8)

Issue Links:
Duplicate
duplicates ZBX-727 SSL connect error Closed

 Description   

Monitoring a particular web service fails with an SSL connect error (the log contains: Error doing curl_easy_perform [SSL connect error]). I tried connecting to the service via curl directly from the console and it does not exhibit this error.

The URL that we are attempting to monitor is https://secure.braintreepaymentgateway.com/api/transact.php

Here is the output of my request from the console:

curl -v https://secure.braintreepaymentgateway.com/api/transact.php

  • About to connect() to secure.braintreepaymentgateway.com port 443 (#0)
  • Trying 216.35.170.140... connected
  • Connected to secure.braintreepaymentgateway.com (216.35.170.140) port 443 (#0)
  • successfully set certificate verify locations:
  • CAfile: none
    CApath: /etc/ssl/certs
  • SSLv3, TLS handshake, Client hello (1):
  • SSLv3, TLS handshake, Server hello (2):
  • SSLv3, TLS handshake, CERT (11):
  • SSLv3, TLS handshake, Server finished (14):
  • SSLv3, TLS handshake, Client key exchange (16):
  • SSLv3, TLS change cipher, Client hello (1):
  • SSLv3, TLS handshake, Finished (20):
  • SSLv3, TLS change cipher, Client hello (1):
  • SSLv3, TLS handshake, Finished (20):
  • SSL connection using AES256-SHA
  • Server certificate:
  • subject: /C=US/O=secure.braintreepaymentgateway.com/OU=GT43183304/OU=See www.rapidssl.com/resources/cps (c)09/OU=Domain Control Validated - RapidSSL(R)/CN=secure.braintreepaymentgateway.com
  • start date: 2009-02-19 22:23:12 GMT
  • expire date: 2010-03-22 21:23:12 GMT
  • common name: secure.braintreepaymentgateway.com (matched)
  • issuer: /C=US/O=Equifax Secure Inc./CN=Equifax Secure Global eBusiness CA-1
  • SSL certificate verify ok.
    > GET /api/transact.php HTTP/1.1
    > User-Agent: curl/7.18.2 (i486-pc-linux-gnu) libcurl/7.18.2 OpenSSL/0.9.8g zlib/1.2.3.3 libidn/1.8
    > Host: secure.braintreepaymentgateway.com
    > Accept: /
    >
    < HTTP/1.1 200 OK
    < Date: Fri, 20 Feb 2009 14:53:11 GMT
    < Server: Apache
    < Content-Length: 125
    < Content-Type: text/html
    <
  • Connection #0 to host secure.braintreepaymentgateway.com left intact
  • Closing connection #0
  • SSLv3, TLS alert, Client hello (1):
    response=3&responsetext=Invalid Username&authcode=&transactionid=0&avsresponse=&cvvresponse=&orderid=&type=&response_code=300

For some discussion of this info see http://www.zabbix.com/forum/showthread.php?t=11730

 Comments   
Comment by Erik Hulsmann [ 2014 Mar 31 ]

Cloned this one, because the original said it affects Zabbix 1.6.1 and curl 7.18, but this report is about Zabbix 2.2.2 and curl 7.26.

Can't change the description and affected version though. Please change.

Comment by Aleksandrs Saveljevs [ 2014 Mar 31 ]

The original ZBX-727 is still open, no need to keep several issues open for each affected version.

Comment by Erik Hulsmann [ 2014 Mar 31 ]

Then can you update the ZBX-727 ticket to list all affected versions? The current bug suggests it's not applicable to 2.2.x.

Comment by Oleksii Zagorskyi [ 2014 Mar 31 ]

There were no any needs to clone the ZBX-727.
Continue discussion there.

CLOSED.

Comment by Aleksandrs Saveljevs [ 2014 Mar 31 ]

Erik, by default a bug is considered to affect the specified version and all later versions.

Generated at Fri Jun 27 06:29:52 EEST 2025 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.