Could not complete SSL handshake with

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
Locked
rgataullin
Posts: 2
Joined: Thu Apr 29, 2021 3:06 pm

Post by rgataullin »

Hello, can you please help me to find out what is going on with one of my servers?
I am facing this issue with only one host.

May 12 18:14:31 svn-nrpe[4531]: CONN_CHECK_PEER: checking if host is allowed: X.X.X.X port 61070
May 12 18:14:31 svn-nrpe[4531]: Connection from X.X.X.X port 61070
May 12 18:14:31 svn-nrpe[4531]: is_an_allowed_host (AF_INET): is host > X.X.X.X< an allowed host > X.X.X.X<
May 12 18:14:31 svn-nrpe[4531]: is_an_allowed_host (AF_INET): is host > X.X.X.X< an allowed host > X.X.X.X<
May 12 18:14:31 svn-nrpe[4531]: is_an_allowed_host (AF_INET): host is in allowed host list!
May 12 18:14:31 svn-nrpe[4531]: Host address is in allowed_hosts
May 12 18:14:32 svn-nrpe[4528]: Error: (ERR_get_error_line_data = 336130329), Could not complete SSL handshake with X.X.X.X: decryption failed or bad record mac
May 12 18:14:32 svn-blr nrpe[4531]: Error: (ERR_get_error_line_data = 336130329), Could not complete SSL handshake with X.X.X.X: decryption failed or bad record mac
May 12 18:14:32 svn-nrpe[4531]: Connection from X.X.X.X closed.
May 12 18:14:32 svn-nrpe[4528]: Connection from X.X.X.X closed.

OpenSSL version:
OpenSSL 1.1.1 11 Sep 2018
ssax
Dreams In Code
Posts: 7682
Joined: Wed Feb 11, 2015 12:54 pm

Re: Could not complete SSL handshake with

Post by ssax »

What OS/version is the remote system running?

Code:

uname -a
cat /etc/*release

What version of the NRPE agent did you install on the remote system? How specifically did you install it? The reason I ask is because I see it labeled svn-nrpe instead of just nrpe in your output.

What version of check_nrpe is the XI server running?

Code:

/usr/local/nagios/libexec/check_nrpe -V

Please attach your nrpe.cfg from the remote system.

What does this show from the XI server?
- Change X.X.X.X to the IP of the remote NRPE agent

Code:

/usr/local/nagios/libexec/check_nrpe -H X.X.X.X -s-1; tail -n30 /var/log/messages
rgataullin
Posts: 2
Joined: Thu Apr 29, 2021 3:06 pm

Re: Could not complete SSL handshake with

Post by rgataullin »

Please close the ticket. We had SSL inspection on our FortiGate FW and it was interfering with traffic.
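
Added example (not part of the original posts, and not Nagios code): a triage helper for NRPE syslog lines like those in the first post. It decodes the numeric OpenSSL error and flags handshake failures that occur after the allowed_hosts check has passed, the pattern that in this thread was traced to SSL inspection on a firewall. The sample lines, the address 192.0.2.10 and the names `triage`, `decode_err` and `check_network_path` are constructed for illustration, and the bit layout assumed is that of OpenSSL 1.0.x/1.1.x.

```python
import re

ERR_LIB_SSL = 20  # library number OpenSSL assigns to its SSL/TLS routines

def decode_err(code):
    # OpenSSL 1.0.x/1.1.x layout: lib (8 bits) | func (12 bits) | reason (12 bits).
    # OpenSSL 3.x packs errors differently, so do not reuse this there.
    return {"lib": (code >> 24) & 0xFF, "func": (code >> 12) & 0xFFF,
            "reason": code & 0xFFF, "hex": format(code, "08X")}

LINE = re.compile(r"nrpe\[(?P<pid>\d+)\]: (?P<msg>.*)$")
FAIL = re.compile(r"ERR_get_error_line_data = (?P<code>\d+)\), Could not complete "
                  r"SSL handshake with (?P<peer>\S+): (?P<text>.*)$")

def triage(lines):
    """Return one finding per failed handshake, in log order."""
    acl_ok = set()  # PIDs that logged a successful allowed_hosts check
    findings = []
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if msg.startswith("Host address is in allowed_hosts"):
            acl_ok.add(pid)
        f = FAIL.search(msg)
        if f:
            err = decode_err(int(f["code"]))
            # Heuristic: the ACL passed and the TLS library itself rejected the
            # data, so allowed_hosts is not the cause; look at the network path next.
            err.update(pid=pid, peer=f["peer"], text=f["text"],
                       acl_passed=pid in acl_ok,
                       check_network_path=pid in acl_ok and err["lib"] == ERR_LIB_SSL)
            findings.append(err)
    return findings

# Constructed sample in the format of the log above (192.0.2.10 is a placeholder).
SAMPLE = [
    "May 12 18:14:31 host nrpe[4531]: Host address is in allowed_hosts",
    "May 12 18:14:32 host nrpe[4528]: Error: (ERR_get_error_line_data = 336130329), "
    "Could not complete SSL handshake with 192.0.2.10: decryption failed or bad record mac",
    "May 12 18:14:32 host nrpe[4531]: Error: (ERR_get_error_line_data = 336130329), "
    "Could not complete SSL handshake with 192.0.2.10: decryption failed or bad record mac",
    "May 12 18:14:32 host nrpe[4531]: Connection from 192.0.2.10 closed.",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The decoded value 1408F119 is the form in which OpenSSL prints this same error in its own error strings, which makes it easier to search for than the decimal number NRPE logs.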
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: Could not complete SSL handshake with

Post by scottwilkerson »

Locking thread
Former Nagios employee