Re: Nagios SSL Checks on KEMP Loadmaster

Posted: Tue Jul 26, 2016 12:41 pm
by scheema31
Thanks tgriep, but unfortunately updating the plugin to version 2.1.1 did not resolve the issue.

Re: Nagios SSL Checks on KEMP Loadmaster

Posted: Wed Jul 27, 2016 10:21 am
by rkennedy
Please show us the full commands you're running in the terminal; a screenshot will help as well.
The above will help us replicate this on our end to see what's going on with TLS exactly.

Re: Nagios SSL Checks on KEMP Loadmaster

Posted: Thu Aug 04, 2016 4:28 pm
by scheema31
Here is the command I'm using:
[root@myserver /]# /usr/local/nagios/libexec/check_http -S --ssl=1.2 -H www.mysite.com
CRITICAL - Cannot make SSL connection.

And I've tried using --ssl=1.1, 1.1+, 1.2, 1.2+

Re: Nagios SSL Checks on KEMP Loadmaster

Posted: Thu Aug 04, 2016 4:37 pm
by rkennedy
Could you upgrade your nagios plugins to 2.1.2? This was released a short time ago, and made a fix to TLS specifically. I think you might be running into an issue where it wasn't letting you specify the SSL version properly.
– The check_http -S/--ssl option now accepts the arguments “1.1” and “1.2” to force TLSv1.1 and TLSv1.2 connections, respectively
– The check_http -S/--ssl option now allows for specifying the desired protocol with a “+” suffix to also accept newer versions
https://www.nagios.org/downloads/nagios-plugins/

Re: Nagios SSL Checks on KEMP Loadmaster

Posted: Thu Aug 04, 2016 5:29 pm
by scheema31
Okay, I've updated the plugin to nagios-plugins-2.1.2 and am getting a different error...

Command - # /usr/local/nagios/libexec/check_http -S --ssl=1.1 -H www.mysite.com
Response - UNKNOWN - TLS protocol version 1.1 is not supported by your SSL library.

Command - # /usr/local/nagios/libexec/check_http -S --ssl=1.2 -H www.mysite.com
Response - UNKNOWN - TLS protocol version 1.2 is not supported by your SSL library.

Command - # /usr/local/nagios/libexec/check_http -S --ssl=1.1 -H www.mysite.com
Response - CRITICAL - Cannot make SSL connection.
1595:error:140740BF:SSL routines:SSL23_CLIENT_HELLO:no protocols available:s23_clnt.c:269:

And I have confirmed that TLS 1.1 and 1.2 are enabled on the load balancer; it's just 1.0 that is disabled.

Re: Nagios SSL Checks on KEMP Loadmaster

Posted: Fri Aug 05, 2016 10:08 am
by rkennedy
Does your SSL support TLS1.1/1.2 on the Nagios machine? Please post the output of the following - openssl s_client -connect google.com:443 -tls1_2 (also, please run it against your site as well and post the output)

This should help us track down where the version issue is.

Re: Nagios SSL Checks on KEMP Loadmaster

Posted: Fri Aug 05, 2016 1:18 pm
by scheema31
Thanks rkennedy,

Here is the output from checking both your URL and my site:

Command - # openssl s_client -connect google.com:443 -tls1_2
Response - unknown option -tls1_2
usage: s_client args

Command - # openssl s_client -connect mysite.com:443 -tls1_2
Response - unknown option -tls1_2
usage: s_client args

So I tried just tls_1 and am getting a different response for my site and google.com:

Command - # openssl s_client -connect google.com:443 -tls1
Response - CONNECTED(00000003)
...more detailed certificate/ssl info

Command - openssl s_client -connect mysite.com:443 -tls1
Response - CONNECTED(00000003)
write:errno=104

Thanks

Re: Nagios SSL Checks on KEMP Loadmaster

Posted: Fri Aug 05, 2016 1:22 pm
by rkennedy
If tls1_2 does not work, then neither will check_http trying to use tls1.2. Your Nagios machine does not have support for it. You'll most likely need to upgrade openssl, and then I assume the check will work as well.

[root@localhost python]# openssl s_client -connect google.com:443 -tls1_2
CONNECTED(00000003)

[root@localhost python]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

Re: Nagios SSL Checks on KEMP Loadmaster

Posted: Fri Aug 05, 2016 1:33 pm
by scheema31
Sounds like a plan!
My current version is definitely older:
Command - # openssl version
Response - OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

How would I go about updating openssl on my Linux Red Hat server?

Thanks,

Re: Nagios SSL Checks on KEMP Loadmaster

Posted: Fri Aug 05, 2016 1:44 pm
by rkennedy
scheema31 wrote:
Sounds like a plan!
My current version is definitely older:
Command - # openssl version
Response - OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008

How would I go about updating openssl on my Linux Red Hat server?

Thanks,

yum install openssl -y should work, but it could vary depending on how it was originally installed.
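
Added example, not part of any post in this thread: a small triage script that separates "the monitoring host's OpenSSL cannot speak the protocol" from "the remote endpoint dropped the handshake", using the outputs quoted above as constructed sample input. The function names are hypothetical, and it assumes a Linux host (where errno 104 is ECONNRESET) and that TLS 1.1/1.2 first shipped in OpenSSL 1.0.1.

```shell
#!/bin/sh
# Added example (not from the thread): decide whether a failed TLS check is the
# monitoring host's OpenSSL or the remote endpoint, using only captured output.

# Returns 0 if the `openssl version` string is >= 1.0.1 (first OpenSSL release
# with TLS 1.1/1.2), 1 if it is older, 2 if the string cannot be parsed.
openssl_has_tls12() {
    set -- $(printf '%s\n' "$1" |
        sed -n 's/^OpenSSL \([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2 \3/p')
    [ $# -eq 3 ] || return 2
    if [ "$1" -gt 1 ] || { [ "$1" -eq 1 ] && { [ "$2" -gt 0 ] || [ "$3" -ge 1 ]; }; }; then
        return 0
    fi
    return 1
}

# Map captured `openssl s_client` / check_http text to a likely cause.
# Assumption: errno=104 is ECONNRESET (Linux), i.e. the peer reset the connection.
classify_tls_output() {
    case "$1" in
        *"unknown option -tls1_"*)             echo local-openssl-lacks-protocol ;;
        *"not supported by your SSL library"*) echo local-openssl-lacks-protocol ;;
        *"no protocols available"*)            echo local-openssl-lacks-protocol ;;
        *CONNECTED*"errno=104"*)               echo peer-reset-during-handshake ;;
        *CONNECTED*)                           echo tcp-connected ;;
        *)                                     echo no-connection ;;
    esac
}

# Combine both signals: $1 = `openssl version` output, $2 = captured check output.
diagnose() {
    rc=0; openssl_has_tls12 "$1" || rc=$?
    case $rc in 0) lib=ok ;; 1) lib=too-old ;; *) lib=unknown ;; esac
    cause=$(classify_tls_output "$2")
    echo "openssl=$lib cause=$cause"
}

# Constructed samples, copied from the outputs quoted in the thread.
OLD_VER='OpenSSL 0.9.8e-fips-rhel5 01 Jul 2008'
NEW_VER='OpenSSL 1.0.1e-fips 11 Feb 2013'
RESET_OUT='CONNECTED(00000003)
write:errno=104'

diagnose "$OLD_VER" 'unknown option -tls1_2'
diagnose "$OLD_VER" "$RESET_OUT"
diagnose "$NEW_VER" 'CONNECTED(00000003)'
```

On a live host, feed `diagnose` the real output of `openssl version` and of the failing `openssl s_client` or check_http command instead of the samples.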