check_http sslv3 alert handshake failure

check_http sslv3 alert handshake failure occurs when trying to monitor a HTTPS link in Nagios monitoring.

Customer had a requirement to monitor a website URL that has https implementation and private certificates are available. End point link works in browser by importing the certificates. When trying to configure in Nagios or by checking the command using check_http, it fails and reports a Handshake issue. Certificates implemented by customer are enabled with TLS protocol and not with SSLv3.

When check_http command tries to interpret the certs with SSL protocol only and it never checks TLS. Though we force using TLS, but still it check with SSL implementation only.

check_http version

/usr/local/nagios/libexec
./check_http -V
check_http v2.0.3 (nagios-plugins 2.0.3)

Commands used for testing
./check_http -H <HOST> –ssl=1 -vvv
CRITICAL – Cannot make SSL connection.
140097353590632:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1259:SSL alert number 40

–ssl=1 is TLS1  (–ssl=2 is for sslv2 and –ssl=3 is for ssl v3)

I tried all ways of debugging and also tried with Openssl commands also by providing CApath, CAfile entries but still the same error message is popping up. I have opened a support request at Nagios Forums link.

Following are the Openssl commands used.

openssl s_client -tls1 -connect <HOST>:443

openssl s_client -CApath <cert path> -connect <HOST>:443

openssl s_client -CAfile <cert file> -tls1 -connect <HOST>:443

This is a known issue and it is mentioned at GIT Please check this link for any resolution as regular updates will be provided for the same.