Hello Christian,

thank you for reporting this issue!


On Thu, 1 Nov 2018 00:18:26 +0100,
Christian Schrötter <c...@fnx.li> wrote:

> I've upgraded my Debian Buster system to OpenSSL 1.1.1-1 (and
> libnet-ssleay-perl 1.85-2).

Just in case it is easy for you to test: does the paranoid mode still work if
you go back to either the old openssl version (which?) or the old
libnet-ssleay-perl version (which?)?


> btw: My Munin-Master is running at Debian Jessie.

Just for the sake of clarity:
* your munin master runs Jessie
* your munin-node runs Buster
* With "tls paranoid" and "tls_verify_certificate yes" on the munin-node, the
  master fails to connect to the munin-node.
* With "tls enabled" and "tls_verify_certificate no" on the munin-node, the
  master is able to connect to the node.

Is that correct?

Could you share the properties of your key and your certificate on the master
(with private information cleaned up) with us?
(openssl rsa -noout -text <KEY_FILE; openssl x509 -noout -text <CERT_FILE)
Maybe some details of your certificate or key are not considered to be safe
anymore (e.g. the minimum RSA key size was increased to 2048 in openssl
1.1.1~~pre6-1).


If the above details do not yield the cause of the problem, then I will try to
reproduce your setup.

Cheers,
Lars
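
The key-size check suggested in the message above, as an added example that is not part of the original e-mail: it reads the text dump produced by the two `openssl` commands quoted there and compares the RSA key size with the 2048-bit minimum the message mentions. The function name `check_dump` and the sample dumps are constructed for illustration, and the parser assumes the `...-Key: (N bit)` line that `openssl` prints.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `openssl x509 -noout -text` or
# `openssl rsa -noout -text` output on stdin and classifies the RSA key size.
MIN_RSA_BITS=2048   # minimum quoted in the message above

# Prints "ok N", "weak N", "not-rsa" or "unknown".
# Exit status: 0 ok, 1 weak, 2 not RSA or no key size line found.
check_dump() {
    dump=$(cat)
    # Certificates name the key algorithm; the RSA minimum does not apply to others.
    if printf '%s\n' "$dump" | grep -q 'Public Key Algorithm:' &&
       ! printf '%s\n' "$dump" | grep -q 'Public Key Algorithm: rsaEncryption'; then
        echo "not-rsa"; return 2
    fi
    # Matches "Public-Key: (1024 bit)" and "Private-Key: (2048 bit, 2 primes)".
    bits=$(printf '%s\n' "$dump" | sed -n 's/.*-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    if [ -z "$bits" ]; then echo "unknown"; return 2; fi
    if [ "$bits" -lt "$MIN_RSA_BITS" ]; then echo "weak $bits"; return 1; fi
    echo "ok $bits"
}

# Constructed sample dumps (excerpts only, no real key material).
sample_cert_1024() {
cat <<'EOF'
Certificate:
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
EOF
}
sample_key_2048() {
cat <<'EOF'
RSA Private-Key: (2048 bit, 2 primes)
publicExponent: 65537 (0x10001)
EOF
}
sample_cert_ec() {
cat <<'EOF'
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (256 bit)
EOF
}

# Demo on the samples; real use: openssl x509 -noout -text <CERT_FILE | check_dump
for s in sample_cert_1024 sample_key_2048 sample_cert_ec; do
    printf '%s: %s\n' "$s" "$($s | check_dump)"
done
```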
