
Cannot make SSL connection - SSL3 error for URL monitoring

Posted: Tue Dec 06, 2022 7:28 am
by myredvest1
Problem Statement:
The error "error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1544:SSL alert number 40" occurs when we try to use the check_http plugin to monitor a URL.

./check_http -H <hostname> -u <url> -p <port> --sni -S
CRITICAL - Cannot make SSL connection.
139802893903680:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1544:SSL alert number 40

The same error occurs if you check the connection using the openssl command.
openssl s_client -connect <hostname>:<Port>
CONNECTED(00000003)
139890705401664:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1544:SSL alert number 40


Solution:
This issue occurs if the OS for the Nagios instance is RHEL 8 and the system-wide cryptographic policy is set to DEFAULT.

To resolve this issue, the system-wide cryptographic policy needs to be set to LEGACY.

Below is the command to check the current cryptographic policy.
update-crypto-policies --show

Use the command below to change the cryptographic policy to LEGACY.
update-crypto-policies --set LEGACY


More details on the cryptographic policy are available at the link below.
https://access.redhat.com/documentation ... -hardening
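
An added example, not part of the original post and not Nagios or OpenSSL code: a POSIX shell parser for the OpenSSL 1.1.1 error line quoted above, which pulls out the TLS alert number, names it, and classifies the failure. The function names and the classification strings are assumptions of this example.

```shell
#!/bin/sh
# Added example: decode the OpenSSL error line printed by check_http / s_client.
# Constructed sample input: the error line quoted in the post.
SAMPLE='139802893903680:error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:ssl/record/rec_layer_s3.c:1544:SSL alert number 40'

# TLS alert number -> description name (RFC 5246 / RFC 8446).
alert_name() {
  case "$1" in
    40) echo handshake_failure ;;
    42) echo bad_certificate ;;
    45) echo certificate_expired ;;
    48) echo unknown_ca ;;
    70) echo protocol_version ;;
    71) echo insufficient_security ;;
    112) echo unrecognized_name ;;
    *) echo unknown ;;
  esac
}

# Print "code|function|reason|alert_number|alert_name" for one error line.
# Layout: thread:error:code:library:function:reason:file:line:data
parse_ssl_error() (
  IFS=:; set -f                    # split on ':' only, no globbing (subshell-local)
  set -- $1
  [ "$2" = "error" ] || exit 1
  num=${9##*SSL alert number }
  [ "$num" = "$9" ] && num=""      # data field carried no alert number
  num=${num%%[!0-9]*}
  printf '%s|%s|%s|%s|%s\n' "$3" "$5" "$6" "$num" "$(alert_name "$num")"
)

# ssl3_read_bytes reports an alert received from the peer; 40, 70 and 71
# mean the two sides found no acceptable protocol version or cipher suite.
diagnose() {
  parsed=$(parse_ssl_error "$1") || { echo "not-openssl-error"; return 1; }
  case "$(printf '%s' "$parsed" | cut -d'|' -f4)" in
    40|70|71) echo "negotiation-failure" ;;
    "") echo "no-alert" ;;
    *) echo "other-alert" ;;
  esac
}

diagnose "$SAMPLE"   # prints: negotiation-failure
```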