openssl problem after 11 -> 12
Per olof Ljungmark
peo at nethead.se
Tue Apr 14 09:58:11 UTC 2020
Hello,
After upgrading our Nagios host, I can no longer get status from our
older HP servers with iLO3.
Using a perl script, check_ilo2_health.pl, this stopped working due to
lack of support of older ciphers in base openssl.
So far, I installed openssl from ports and enabled the weak ciphers,
adjusted /etc/make.conf for DEFAULT_VERSIONS+= ssl=openssl, have rebuilt
perl and perl modules, curl and a few more.
Still, I get
curl -v --insecure --tlsv1.1 -v https://<iLO3 IP>
* Trying <iLO3 IP>:443...
* Connected to <iLO3 IP> port 443 (#0)
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /usr/local/share/certs/ca-root-nss.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS alert, handshake failure (552):
* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
* Closing connection 0
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert
handshake failure
I am at loss right now on how I could teach the FBSD-12 system to use
the older ciphers, it still works fine from 11.
Thanks for hints..
Per
More information about the freebsd-ports
mailing list