Just so the list is informed too. The webserver that was being tested used *only* TLS 1.2 and currently Servers Alive does NOT support TLS 1.2, that's why it fails. Servers Alive's HTTPS checking is based on a shrinkwrapped component (meaning it was not dev for us, but is generaly available) and this components uses OpenSSL 0.9.8zf for the SSL part. OpenSSL 0.9.8zf does not support TLS 1.2 either Support for TLS 1.2 was added to OpenSSL 1.0.1/2. OpenSSL 1.0.1 and 1.0.2 is much slower then 0.9.8 and is not just (from a dev point of view) a simple "replacement". I talked to the developper of the component we're using and he knows that at some point he will have to update to a more recent version of OpenSSL (1.0.1/2/3/...), but for the moment due to the "speed" problems there is no real timeframe/date for it. IF (and clearly IF) there are a lot of requests for TLS 1.2 checks (https checks I mean) then we *could* make a hack on Servers Alive, were we force specificly the use of a different component (less flexible when it comes to support) just for TLS1.2. However our preference would be to continue to use the current component and "wait" until it's updated with TLS 1.2 support. The problem mentioned by Jason was "solved" by changing some settings on the webserver, and make it work with something else then TLS1.2. dirk;
-------------------------------------------------------------------------------- From: Servers Alive Discussion List [mailto:[email protected]] On Behalf Of Jason Passow Sent: Thursday, April 16, 2015 5:30 PM To: Servers Alive Discussion List Subject: Re: [SA-list] PRTG ssl handshake 2667 Jason Passow Network Administrator http://www.mwsco.com [email protected] ph: (507) 494-5178 fax: (507) 454-8104 Mississippi Welder Supply Co., Inc. Please consider the environment before printing this email. ____________________________________________________________________________________________________________________________________________________________________________________________________________________________ The information contained in this message is privileged and intended only for the recipients named. If the reader is not a representative of the intended recipient, any review, dissemination or copying of this message or the information it contains is prohibited. If you have received this message in error, please immediately notify the sender, and delete the original message and attachments. dirk bulinckx <[email protected]> , 4/16/2015 10:21 AM: What build of sa are you using? Send with my Windows Phone -------------------------------------------------------------------------------- Van: Jason Passow (mailto:[email protected]) Verzonden: ââ¬Å½16/ââ¬Å½04/ââ¬Å½2015 16:46 Aan: Servers Alive Discussion List (mailto:[email protected]) Onderwerp: [SA-list] PRTG ssl handshake WE are monitoring a PRTG installation. I do this by checking the machine the service and the web interface. A few upgrades ago the ssl web page check broke. I am certain it was in response to one of the OpenSSL bugs. Now I get Thursday, April 16, 2015 9:15:15 AM URL check (https://prtg.domain.com) :SSL handshake failed: (0-) (301) Any thoughts or a way to resolve so I can monitor this page again? Thanks. Jason Passow Network Administrator http://www.mwsco.com [email protected] ph: (507) 494-5178 fax: (507) 454-8104 Mississippi Welder Supply Co., Inc. Please consider the environment before printing this email. ____________________________________________________________________________________________________________________________________________________________________________________________________________________________ The information contained in this message is privileged and intended only for the recipients named. If the reader is not a representative of the intended recipient, any review, dissemination or copying of this message or the information it contains is prohibited. If you have received this message in error, please immediately notify the sender, and delete the original message and attachments. To unsubscribe send a message with UNSUBSCRIBE in the subject line to [email protected] If you use auto-responders (like out-of-the-office messages), make sure that they are not sent to the list nor to individual members. Doing so will cause you to be automatically removed from the list. To unsubscribe send a message with UNSUBSCRIBE in the subject line to [email protected] If you use auto-responders (like out-of-the-office messages), make sure that they are not sent to the list nor to individual members. Doing so will cause you to be automatically removed from the list. To unsubscribe send a message with UNSUBSCRIBE in the subject line to [email protected] If you use auto-responders (like out-of-the-office messages), make sure that they are not sent to the list nor to individual members. Doing so will cause you to be automatically removed from the list. To unsubscribe send a message with UNSUBSCRIBE in the subject line to [email protected] If you use auto-responders (like out-of-the-office messages), make sure that they are not sent to the list nor to individual members. Doing so will cause you to be automatically removed from the list.
