Page 1 of 1
After POODLE changes in server https and ssmtp is failing
Posted: Sun Oct 19, 2014 8:52 am
by manokiss
Hi there.
Recently we have made the changes in apache and also in our smtp server to disable sslv3 since then nagios monitoring these services are failing, have someone a correct command to test smtp with tls and https without sslv3?
Sounds like nagios is expecting for sslv3 to test this services.
Im using:
command_line $USER1$/check_ssmtp -S -H $HOSTADDRESS$ $ARG1$ -p 465
command_line $USER1$/check_http -S -I $HOSTADDRESS$ $ARG1$
Thanx in advance!
Re: After POODLE changes in server https and ssmtp is failin
Posted: Mon Oct 20, 2014 9:00 am
by sreinhardt
I don't think that check_ssmtp is a nagios plugins plugin, so I can't comment on that one. However as for check_http. There is currently an issue with ssl autonegotiation picking the correct version. I would suggest trying to specify the various possible versions and ciphers that are still allowed with the -S flag.
-S, --ssl=VERSION
Connect via SSL. Port defaults to 443. VERSION is optional, and prevents
auto-negotiation (1 = TLSv1, 2 = SSLv2, 3 = SSLv3).
Re: After POODLE changes in server https and ssmtp is failin
Posted: Mon Oct 20, 2014 9:11 am
by manokiss
Thanx for the reply, unfortunately using that option im getting:
./check_http: option '--ssl' doesn't allow an argument
Re: After POODLE changes in server https and ssmtp is failin
Posted: Mon Oct 20, 2014 9:27 am
by tmcdonald
Are you using the -S or the --ssl flag? Please show us the command being run.
Re: After POODLE changes in server https and ssmtp is failin
Posted: Mon Oct 20, 2014 9:28 am
by manokiss
tested with:
./check_http -H hostname --ssl TLSv1
keeps getting connection refused
Thanx!
Re: After POODLE changes in server https and ssmtp is failin
Posted: Mon Oct 20, 2014 9:35 am
by sreinhardt
That is not going to give the correct parameters to the plugin. Try this instead:
Code: Select all
./check_http -H hostname --ssl=1
OR
./check_http -H hostname -S1
Re: After POODLE changes in server https and ssmtp is failin
Posted: Mon Oct 20, 2014 9:46 am
by manokiss
Both are giving me error
Thanx!
[root@]# ./check_http -H hostname --ssl=1
./check_http: option '--ssl' doesn't allow an argument
Usage:
check_http -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]
[-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-a auth]
[-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]
[-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]
[-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]
[-A string] [-k string] [-S] [--sni] [-C <age>] [-T <content-type>]
[-j method]
[root@]# ./check_http -H hostname -S1
./check_http: invalid option -- '1'
Usage:
check_http -H <vhost> | -I <IP-address> [-u <uri>] [-p <port>]
[-w <warn time>] [-c <critical time>] [-t <timeout>] [-L] [-a auth]
[-b proxy_auth] [-f <ok|warning|critcal|follow|sticky|stickyport>]
[-e <expect>] [-s string] [-l] [-r <regex> | -R <case-insensitive regex>]
[-P string] [-m <min_pg_size>:<max_pg_size>] [-4|-6] [-N] [-M <age>]
[-A string] [-k string] [-S] [--sni] [-C <age>] [-T <content-type>]
[-j method]
Re: After POODLE changes in server https and ssmtp is failin
Posted: Mon Oct 20, 2014 9:56 am
by manokiss
just noticed i had outdated plugins...updated it and is working now for https....now im looking for ssmtp.
Thanx!
Re: After POODLE changes in server https and ssmtp is failin
Posted: Mon Oct 20, 2014 1:55 pm
by sreinhardt
Glad to hear it! You had me worried for a bit, some of that openssl code is a bit tricky! Let us know if you need further help with ssmtp, we can certainly test it on our end if you can send a link.