Re: [openssl-dev] [openssl.org #4043] monitoring software depending onopenssl not working on cloudflare ssl websites

2015-09-15 Thread Rob Stradling via RT
Hi Horatiu.  To connect to a site that uses CloudFlare Universal SSL
[1], you need to specify the SNI (Server Name Indication) header.
Modern browsers do this by default, but for s_client you need to do this...

openssl s_client -connect :443 -servername 

This isn't an OpenSSL bug, so I suggest closing this ticket.


[1] https://blog.cloudflare.com/introducing-universal-ssl/

On 15/09/15 15:33, Horatiu N via RT wrote:
> Greetings,
> 
> Using the nagios plugins (latest debian package for 8.1) to check
> availability of https websites using cloudflare gives errors
>> CRITICAL - Cannot make SSL connection.
>> 139729452828304:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 
>> alert internal error:s23_clnt.c:770:
> 
> same goes if i attempt to run
>> openssl s_client -connect :443 
> 
> This basically makes monitoring impossible at this time,
> Any idea how to remedy this situation ?
> 
> i attached a textfile with sample domains as extracted from the
> certificate's "Certificate Subject alt name"
> it's reproducible on any target as long as it's online
> 
> openssl version
>> OpenSSL 1.0.1k 8 Jan 2015
> 
> 
> dpkg -l openssl
>> ii  openssl 1.0.1k-3+deb8u1amd64  Secure 
>> Sockets Layer toolkit - cryptographic utility
> 
> tried also to compile the newest one from openssl.org and use it, same
> problem.

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online


___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev


Re: [openssl-dev] [openssl.org #4043] monitoring software depending onopenssl not working on cloudflare ssl websites

2015-09-15 Thread Horatiu N via RT
Thank you very much.

Have a lovely day :)

On 15-Sep-15 5:49 PM, Rob Stradling via RT wrote:
> Hi Horatiu.  To connect to a site that uses CloudFlare Universal SSL
> [1], you need to specify the SNI (Server Name Indication) header.
> Modern browsers do this by default, but for s_client you need to do this...
> 
> openssl s_client -connect :443 -servername 
> 
> This isn't an OpenSSL bug, so I suggest closing this ticket.
> 
> 
> [1] https://blog.cloudflare.com/introducing-universal-ssl/
> 
> On 15/09/15 15:33, Horatiu N via RT wrote:
>> Greetings,
>>
>> Using the nagios plugins (latest debian package for 8.1) to check
>> availability of https websites using cloudflare gives errors
>>> CRITICAL - Cannot make SSL connection.
>>> 139729452828304:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 
>>> alert internal error:s23_clnt.c:770:
>>
>> same goes if i attempt to run
>>> openssl s_client -connect :443 
>>
>> This basically makes monitoring impossible at this time,
>> Any idea how to remedy this situation ?
>>
>> i attached a textfile with sample domains as extracted from the
>> certificate's "Certificate Subject alt name"
>> it's reproducible on any target as long as it's online
>>
>> openssl version
>>> OpenSSL 1.0.1k 8 Jan 2015
>>
>>
>> dpkg -l openssl
>>> ii  openssl 1.0.1k-3+deb8u1amd64  
>>> Secure Sockets Layer toolkit - cryptographic utility
>>
>> tried also to compile the newest one from openssl.org and use it, same
>> problem.
> 




smime.p7s
Description: S/MIME cryptographic signature
___
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev