Hi Horatiu. To connect to a site that uses CloudFlare Universal SSL [1], you need to specify the SNI (Server Name Indication) header. Modern browsers do this by default, but for s_client you need to do this...
openssl s_client -connect <target>:443 -servername <target> This isn't an OpenSSL bug, so I suggest closing this ticket. [1] https://blog.cloudflare.com/introducing-universal-ssl/ On 15/09/15 15:33, Horatiu N via RT wrote: > Greetings, > > Using the nagios plugins (latest debian package for 8.1) to check > availability of https websites using cloudflare gives errors >> CRITICAL - Cannot make SSL connection. >> 139729452828304:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 >> alert internal error:s23_clnt.c:770: > > same goes if i attempt to run >> openssl s_client -connect <target>:443 > > This basically makes monitoring impossible at this time, > Any idea how to remedy this situation ? > > i attached a textfile with sample domains as extracted from the > certificate's "Certificate Subject alt name" > it's reproducible on any target as long as it's online > > openssl version >> OpenSSL 1.0.1k 8 Jan 2015 > > > dpkg -l openssl >> ii openssl 1.0.1k-3+deb8u1 amd64 Secure >> Sockets Layer toolkit - cryptographic utility > > tried also to compile the newest one from openssl.org and use it, same > problem. -- Rob Stradling Senior Research & Development Scientist COMODO - Creating Trust Online _______________________________________________ openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev