Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Could not complete SSL handshake with : 1

https://support.nagios.com/forum/viewtopic.php?t=75685

Page 1 of 1

Could not complete SSL handshake with : 1

Posted: Wed Sep 11, 2024 9:55 am
by catabava
Hi guys,

I've got 500+ servers running for a service, which are all monitored by Nagios.

On this one server, I cannot make just the NRPE nagios checks work (all other checks work, which are checking different services offered by the server on other ports).

The nrpe config file is the same on all 500+ servers, the installed apt packages (my servers are all running ubuntu 22.04) are all the same (& same versions), but NRPE checks don't work, with this error message being printed by Nagios:
CHECK_NRPE: Error - Could not connect to <IP>. Check system logs on <IP>

This is the only error I see in the system logs without enabling debug_mode:
nrpe[5701]: Error: (!log_opts) Could not complete SSL handshake with : 1

This is the more detailed error (with debug mode on):
nrpe[30350]: Error: (ERR_get_error_line_data = 167772353), Could not complete SSL handshake with : no shared cipher
nrpe[30350]: Error: This could be because you have not specified certificate or ca-certificate files
nrpe[30349]: Error: (ERR_get_error_line_data = 167772454), Could not complete SSL handshake with : unexpected eof while reading

Does anyone have a clue regarding what shall i do in order to get rid of this issue?

Many thanks in advance!

Re: Could not complete SSL handshake with : 1

Posted: Wed Sep 11, 2024 11:50 am
by cnorell
catabava,

At first glance, this reads like an OpenSSL issue to me. What version of OpenSSL are you running on the affected servers? And is it different than the servers that are working properly?

The first thing I would try is to upgrade OpenSSL, but as always I recommend making a backup of the server should anything happen to go wrong. It's a relatively minor and reversible change, but you never know.

Best Regards,

Cory Norell

Re: Could not complete SSL handshake with : 1

Posted: Thu Sep 12, 2024 7:53 am
by catabava
Hi cnorell,

Unfortunately, I'm using the same OpenSSL version on all servers:

OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

Best regards,
Catalin

Re: Could not complete SSL handshake with : 1

Posted: Thu Sep 12, 2024 9:18 am
by DoubleDoubleA
Hi @catabava,

The other possibility from the error logs is a certificate issue.

If that pointer doesn't get you resolution, you might diff this server against other servers that work and see if you can find something. I know you said they should be all the same but it has to be something.

Aaron
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited