[openssl-users] monitoring software depending on openssl not working on cloudflare ssl websites

Jeffrey Walton noloader at gmail.com
Tue Sep 15 17:00:57 UTC 2015


On Tue, Sep 15, 2015 at 3:55 AM, Horatiu N <horatiu at ddhosted.com> wrote:
> Greetings,
>
> Using the nagios plugins (latest debian package for 8.1) to check
> availability of https websites using cloudflare gives errors
>> CRITICAL - Cannot make SSL connection.
>> 139729452828304:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:s23_clnt.c:770:
>
> same goes if i attempt to run
>> openssl s_client -connect <target>:443
>
You need to use TLS (not SSL), and you need to use SNI. Here's the
first in the list using TLS and SNI:

$ openssl s_client -connect www.bluusun.com:443 -tls1 -servername
www.bluusun.com
CONNECTED(00000003)
depth=2 C = GB, ST = Greater Manchester, L = Salford, O = COMODO CA
Limited, CN = COMODO ECC Certification Authority
verify error:num=20:unable to get local issuer certificate
---
Certificate chain
 0 s:/OU=Domain Control Validated/OU=PositiveSSL
Multi-Domain/CN=sni100936.cloudflaressl.com
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA
Limited/CN=COMODO ECC Domain Validation Secure Server CA 2
 1 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA
Limited/CN=COMODO ECC Domain Validation Secure Server CA 2
   i:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA
Limited/CN=COMODO ECC Certification Authority
 2 s:/C=GB/ST=Greater Manchester/L=Salford/O=COMODO CA
Limited/CN=COMODO ECC Certification Authority
   i:/C=SE/O=AddTrust AB/OU=AddTrust External TTP Network/CN=AddTrust
External CA Root
---
...


More information about the openssl-users mailing list