Your message dated Sat, 24 Nov 2018 08:45:21 +0100
with message-id <[email protected]>
and subject line Re: [Pkg-nagios-devel] Bug#914489: nagios-nrpe-plugin: SSL 
connections to "old" (as in Jessie) nagios-nrpe-server(s) broken
has caused the Debian Bug report #914489,
regarding nagios-nrpe-plugin: SSL connections to "old" (as in Jessie) 
nagios-nrpe-server(s) broken
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
914489: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=914489
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: nagios-nrpe-plugin
Version: 3.2.1-1~bpo9+1
Severity: important

Hi,

After updating nagios-nrpe-plugin in my monitoring host to
3.2.1-1~bpo9+1 most of my monitored instances fail to be checked.
AFAICT only those running Stretch continue to work. The error from the
new nagios-nrpe-plugin is as follows:

Nov 23 21:08:29 XXXX check_nrpe: Error: (!log_opts) Could not complete SSL 
handshake with A.B.C.D: dh key too small

I tried disabling Anonymous Diffie Hellman with '-d 0' but in that case
it also fails to contact remote hosts with:
Nov 23 21:08:34 XXXX check_nrpe: Error: (!log_opts) Could not complete SSL 
handshake with A.B.C.D: sslv3 alert handshake failure

I could not find a combination of -d/-S/-2 that made possible to check
nagios-nrpe-server from Jessie or previous releases. This is a major
showstopper, since upgrading a monitoring host show not force someone to
update *all* their monitored hosts. And -2 is of no use if it cannot
check 2.x nagios-nrpe-servers.

Please fix this for Buster, or at least include a huge warning before
this hits those upgrading to Buster.



-- System Information:
Debian Release: 9.6
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-8-amd64 (SMP w/2 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages nagios-nrpe-plugin depends on:
ii  libc6      2.24-11+deb9u3
ii  libssl1.1  1.1.0f-3+deb9u2

nagios-nrpe-plugin recommends no packages.

nagios-nrpe-plugin suggests no packages.

-- no debconf information

--- End Message ---
--- Begin Message ---
tags 914489 wontfix
thanks

Hi Alberto,

On 11/23/18 9:26 PM, Alberto Gonzalez Iniesta wrote:
> After updating nagios-nrpe-plugin in my monitoring host to
> 3.2.1-1~bpo9+1 most of my monitored instances fail to be checked.

That is due to changes in openssl, we have no control over that.

For machines with an old openssl you need to disable SSL with -n.

Kind Regards,

Bas

-- 
 GPG Key ID: 4096R/6750F10AE88D4AF1
Fingerprint: 8182 DE41 7056 408D 6146  50D1 6750 F10A E88D 4AF1

--- End Message ---

Reply via email to