{"id":470,"date":"2016-02-19T22:03:52","date_gmt":"2016-02-19T16:33:52","guid":{"rendered":"http:\/\/www.middlewareprimer.com\/blog\/?p=470"},"modified":"2016-02-19T22:03:52","modified_gmt":"2016-02-19T16:33:52","slug":"check_http-sslv3-alert-handshake-failure","status":"publish","type":"post","link":"http:\/\/www.middlewareprimer.com\/blog\/2016\/02\/19\/check_http-sslv3-alert-handshake-failure\/","title":{"rendered":"check_http sslv3 alert handshake failure"},"content":{"rendered":"<p>check_http sslv3 alert handshake failure occurs when trying to monitor a HTTPS link in Nagios monitoring.<\/p>\n<p>Customer had a requirement to monitor a website URL that has https implementation and private certificates are available. End point link works in browser by importing the certificates. When trying to configure in Nagios or by checking the command using check_http, it fails and reports a Handshake issue. Certificates implemented by customer are enabled with TLS protocol and not with SSLv3.<\/p>\n<p>When check_http command tries to interpret the certs with SSL protocol only and it never checks TLS. Though we force using TLS, but still it check with SSL implementation only.<\/p>\n<p><span style=\"text-decoration: underline;\">check_http version<\/span><\/p>\n<p>\/usr\/local\/nagios\/libexec<br \/>\n.\/check_http -V<br \/>\ncheck_http v2.0.3 (nagios-plugins 2.0.3)<\/p>\n<p><span style=\"text-decoration: underline;\">Commands used for testing<\/span><br \/>\n.\/check_http -H &lt;HOST&gt; &#8211;ssl=1 -vvv<br \/>\nCRITICAL &#8211; Cannot make SSL connection.<br \/>\n140097353590632:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1259:SSL alert number 40<\/p>\n<p>&#8211;ssl=1 is TLS1\u00a0 (&#8211;ssl=2 is for sslv2 and &#8211;ssl=3 is for ssl v3)<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-471 size-full\" src=\"http:\/\/www.middlewareprimer.com\/blog\/wp-content\/uploads\/2016\/02\/ssl1.png\" alt=\"check_http sslv3 alert handshake failure\" width=\"993\" height=\"33\" srcset=\"http:\/\/www.middlewareprimer.com\/blog\/wp-content\/uploads\/2016\/02\/ssl1.png 993w, http:\/\/www.middlewareprimer.com\/blog\/wp-content\/uploads\/2016\/02\/ssl1-300x10.png 300w, http:\/\/www.middlewareprimer.com\/blog\/wp-content\/uploads\/2016\/02\/ssl1-768x26.png 768w\" sizes=\"auto, (max-width: 993px) 100vw, 993px\" \/><br \/>\nI tried all ways of debugging and also tried with Openssl commands also by providing CApath, CAfile entries but still the same error message is popping up. I have opened a support request at Nagios <span style=\"text-decoration: underline;\"><a href=\"https:\/\/support.nagios.com\/forum\/viewtopic.php?f=6&amp;t=37070&amp;p=171987&amp;hilit=check_https#p172479\" target=\"_blank\">Forums link<\/a><\/span>.<\/p>\n<p>Following are the Openssl commands used.<\/p>\n<p>openssl s_client -tls1 -connect &lt;HOST&gt;:443<\/p>\n<p>openssl s_client -CApath &lt;cert path&gt; -connect &lt;HOST&gt;:443<\/p>\n<p>openssl s_client -CAfile &lt;cert file&gt; -tls1 -connect &lt;HOST&gt;:443<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-472 size-full\" src=\"http:\/\/www.middlewareprimer.com\/blog\/wp-content\/uploads\/2016\/02\/ssl2.png\" alt=\"check_http sslv3 alert handshake failure\" width=\"995\" height=\"39\" srcset=\"http:\/\/www.middlewareprimer.com\/blog\/wp-content\/uploads\/2016\/02\/ssl2.png 995w, http:\/\/www.middlewareprimer.com\/blog\/wp-content\/uploads\/2016\/02\/ssl2-300x12.png 300w, http:\/\/www.middlewareprimer.com\/blog\/wp-content\/uploads\/2016\/02\/ssl2-768x30.png 768w\" sizes=\"auto, (max-width: 995px) 100vw, 995px\" \/><\/p>\n<p><strong>This is a known issue<\/strong> and it is mentioned at <a href=\"https:\/\/github.com\/nagios-plugins\/nagios-plugins\/issues\/140\" target=\"_blank\"><span style=\"text-decoration: underline;\">GIT<\/span> Pleas<\/a>e check this link for any resolution as regular updates will be provided for the same.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>check_http sslv3 alert handshake failure occurs when trying to monitor a HTTPS link in Nagios monitoring. Customer had a requirement to monitor a website URL that has https implementation and private certificates are available. End point link works in browser by importing the certificates. When trying to configure in Nagios or by checking the command [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[119,121,118,123,120,122,124],"class_list":["post-470","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-check_http","tag-critical-cannot-make-ssl-connection","tag-nagios","tag-ssl-alert-number-40","tag-ssl-handshake","tag-ssl-handshake-failure","tag-sslv3-alert-handshake-failure"],"_links":{"self":[{"href":"http:\/\/www.middlewareprimer.com\/blog\/wp-json\/wp\/v2\/posts\/470","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.middlewareprimer.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.middlewareprimer.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.middlewareprimer.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.middlewareprimer.com\/blog\/wp-json\/wp\/v2\/comments?post=470"}],"version-history":[{"count":1,"href":"http:\/\/www.middlewareprimer.com\/blog\/wp-json\/wp\/v2\/posts\/470\/revisions"}],"predecessor-version":[{"id":473,"href":"http:\/\/www.middlewareprimer.com\/blog\/wp-json\/wp\/v2\/posts\/470\/revisions\/473"}],"wp:attachment":[{"href":"http:\/\/www.middlewareprimer.com\/blog\/wp-json\/wp\/v2\/media?parent=470"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.middlewareprimer.com\/blog\/wp-json\/wp\/v2\/categories?post=470"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.middlewareprimer.com\/blog\/wp-json\/wp\/v2\/tags?post=470"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}