Re: [openssl-dev] [openssl.org #4043] monitoring software depending on openssl not working on cloudflare ssl websites
Thank you very much.
Have a lovely day :)

On 15-Sep-15 5:49 PM, Rob Stradling via RT wrote:
> Hi Horatiu. To connect to a site that uses CloudFlare Universal SSL
> [1], you need to specify the SNI (Server Name Indication) header.
> Modern browsers do this by default, but for s_client you need to do this...
>
> openssl s_client -connect :443 -servername
>
> This isn't an OpenSSL bug, so I suggest closing this ticket.
>
>
> [1] https://blog.cloudflare.com/introducing-universal-ssl/
>
> On 15/09/15 15:33, Horatiu N via RT wrote:
>> Greetings,
>>
>> Using the nagios plugins (latest debian package for 8.1) to check
>> availability of https websites using cloudflare gives errors
>>> CRITICAL - Cannot make SSL connection.
>>> 139729452828304:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1
>>> alert internal error:s23_clnt.c:770:
>>
>> same goes if i attempt to run
>>> openssl s_client -connect :443
>>
>> This basically makes monitoring impossible at this time,
>> Any idea how to remedy this situation ?
>>
>> i attached a textfile with sample domains as extracted from the
>> certificate's "Certificate Subject alt name"
>> it's reproducible on any target as long as it's online
>>
>> openssl version
>>> OpenSSL 1.0.1k 8 Jan 2015
>>
>>
>> dpkg -l openssl
>>> ii openssl 1.0.1k-3+deb8u1amd64
>>> Secure Sockets Layer toolkit - cryptographic utility
>>
>> tried also to compile the newest one from openssl.org and use it, same
>> problem.
>

___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev

Re: [openssl-dev] [openssl.org #4043] monitoring software depending on openssl not working on cloudflare ssl websites
Hi Horatiu. To connect to a site that uses CloudFlare Universal SSL
[1], you need to specify the SNI (Server Name Indication) header.
Modern browsers do this by default, but for s_client you need to do this...

openssl s_client -connect :443 -servername

This isn't an OpenSSL bug, so I suggest closing this ticket.


[1] https://blog.cloudflare.com/introducing-universal-ssl/

On 15/09/15 15:33, Horatiu N via RT wrote:
> Greetings,
>
> Using the nagios plugins (latest debian package for 8.1) to check
> availability of https websites using cloudflare gives errors
>> CRITICAL - Cannot make SSL connection.
>> 139729452828304:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1
>> alert internal error:s23_clnt.c:770:
>
> same goes if i attempt to run
>> openssl s_client -connect :443
>
> This basically makes monitoring impossible at this time,
> Any idea how to remedy this situation ?
>
> i attached a textfile with sample domains as extracted from the
> certificate's "Certificate Subject alt name"
> it's reproducible on any target as long as it's online
>
> openssl version
>> OpenSSL 1.0.1k 8 Jan 2015
>
>
> dpkg -l openssl
>> ii openssl 1.0.1k-3+deb8u1amd64 Secure
>> Sockets Layer toolkit - cryptographic utility
>
> tried also to compile the newest one from openssl.org and use it, same
> problem.

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online