Cannot make SSL connection - SSL3 error for URL monitoring

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Post Reply
myredvest1
Posts: 2
Joined: Fri Oct 28, 2022 3:25 am

Cannot make SSL connection - SSL3 error for URL monitoring

Post by myredvest1 »

Problem Statement:
Error "error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1544:SSL alert number 40" occurring when we try to use check_http plugin to monitor url.

./check_http -H <hostname>-u <url> -p <port> --sni -S
CRITICAL - Cannot make SSL connection.
139802893903680:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1544:SSL alert number 40

Same error will occur if you try to check the connection with using openssl command.
openssl s_client -connect <hostname>:<Port>
CONNECTED(00000003)
139890705401664:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1544:SSL alert number 40


Solution:
This issue occurring if the OS for nagios instance is RHEL 8 and system-wide cryptographic policy set to DEFAULT

To resolve this issue system-wide cryptographic policy need to be set to LEGECY.

Below is the command to check the current cryptographic policy.
update-crypto-policies --show

Use below command to change the cryptographic policy to LEGECY
update-crypto-policies --set LEGACY


More details available in below link for cryptographic policy.
https://access.redhat.com/documentation ... -hardening
Post Reply