I've setup two VM's of CentOS 6.7 x64 and compilied 2.16 on them.
I've set the options in nrpe.cfg on vmA:
Code: Select all
ssl_version=TLSv1
ssl_cipher_list=ALL:!MD5:@STRENGTH
ssl_logging=-1
From my vmB I execute a basic check:
Code: Select all
./check_nrpe -H 10.25.13.30
NRPE v2.16RC2
vmA
Code: Select all
Dec 16 15:08:49 centos12 xinetd[3793]: START: nrpe pid=3844 from=::ffff:10.25.13.31
Dec 16 15:08:49 centos12 nrpe[3844]: SSL Certificate File: None
Dec 16 15:08:49 centos12 nrpe[3844]: SSL Private Key File: None
Dec 16 15:08:49 centos12 nrpe[3844]: SSL CA Certificate File: None
Dec 16 15:08:49 centos12 nrpe[3844]: SSL Cipher List: ALL:!MD5:@STRENGTH
Dec 16 15:08:49 centos12 nrpe[3844]: SSL Allow ADH: Allow
Dec 16 15:08:49 centos12 nrpe[3844]: SSL Client Certs: Don't Ask
Dec 16 15:08:49 centos12 nrpe[3844]: SSL Log Options: 0xffffffff
Dec 16 15:08:49 centos12 nrpe[3844]: SSL Version: TLSv1
Dec 16 15:08:49 centos12 nrpe[3844]: Remote - SSL Version: TLSv1
Dec 16 15:08:49 centos12 nrpe[3844]: Remote - TLSv1/SSLv3, Cipher is ADH-AES256-SHA
Dec 16 15:08:49 centos12 nrpe[3844]: SSL Not asking for client certification
Dec 16 15:08:49 centos12 xinetd[3793]: EXIT: nrpe status=0 pid=3844 duration=0(sec)
Code: Select all
Dec 16 15:08:49 centos13 check_nrpe: Remote 10.25.13.30 accepted a Version 3 Packet
Code: Select all
./check_nrpe -H 10.25.13.30 -S TLSv1
CHECK_NRPE: Error - Could not complete SSL handshake with 10.25.13.30: 1
Code: Select all
Dec 16 15:10:28 centos12 xinetd[3793]: START: nrpe pid=3851 from=::ffff:10.25.13.31
Dec 16 15:10:28 centos12 nrpe[3851]: SSL Certificate File: None
Dec 16 15:10:28 centos12 nrpe[3851]: SSL Private Key File: None
Dec 16 15:10:28 centos12 nrpe[3851]: SSL CA Certificate File: None
Dec 16 15:10:28 centos12 nrpe[3851]: SSL Cipher List: ALL:!MD5:@STRENGTH
Dec 16 15:10:28 centos12 nrpe[3851]: SSL Allow ADH: Allow
Dec 16 15:10:28 centos12 nrpe[3851]: SSL Client Certs: Don't Ask
Dec 16 15:10:28 centos12 nrpe[3851]: SSL Log Options: 0xffffffff
Dec 16 15:10:28 centos12 nrpe[3851]: SSL Version: TLSv1
Dec 16 15:10:28 centos12 nrpe[3851]: Error: Could not complete SSL handshake with : 5
Dec 16 15:10:28 centos12 xinetd[3793]: EXIT: nrpe status=0 pid=3851 duration=0(sec)
Code: Select all
Dec 16 15:10:28 centos13 check_nrpe: Error: Could not complete SSL handshake with 10.25.13.30: 1
Code: Select all
./check_nrpe -H 10.25.13.30 -S TLSv1+
NRPE v2.16RC2
Code: Select all
Dec 16 15:12:04 centos12 xinetd[3793]: START: nrpe pid=3852 from=::ffff:10.25.13.31
Dec 16 15:12:04 centos12 nrpe[3852]: SSL Certificate File: None
Dec 16 15:12:04 centos12 nrpe[3852]: SSL Private Key File: None
Dec 16 15:12:04 centos12 nrpe[3852]: SSL CA Certificate File: None
Dec 16 15:12:04 centos12 nrpe[3852]: SSL Cipher List: ALL:!MD5:@STRENGTH
Dec 16 15:12:04 centos12 nrpe[3852]: SSL Allow ADH: Allow
Dec 16 15:12:04 centos12 nrpe[3852]: SSL Client Certs: Don't Ask
Dec 16 15:12:04 centos12 nrpe[3852]: SSL Log Options: 0xffffffff
Dec 16 15:12:04 centos12 nrpe[3852]: SSL Version: TLSv1
Dec 16 15:12:04 centos12 nrpe[3852]: Remote - SSL Version: TLSv1
Dec 16 15:12:04 centos12 nrpe[3852]: Remote - TLSv1/SSLv3, Cipher is ADH-AES256-SHA
Dec 16 15:12:04 centos12 nrpe[3852]: SSL Not asking for client certification
Dec 16 15:12:04 centos12 xinetd[3793]: EXIT: nrpe status=0 pid=3852 duration=0(sec)
Code: Select all
Dec 16 15:12:04 centos13 check_nrpe: Remote 10.25.13.30 accepted a Version 3 Packet
I'm not sure why -S TLSv1 didn't work when that is what I specified in nrpe.cfg on vmA.