[openssl-users] monitoring software depending on openssl not working on cloudflare ssl websites

Horatiu N horatiu at ddhosted.com
Tue Sep 15 07:55:41 UTC 2015 

Greetings,

Using the nagios plugins (latest debian package for 8.1) to check
availability of https websites using cloudflare gives errors
> CRITICAL - Cannot make SSL connection.
> 139729452828304:error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error:s23_clnt.c:770:

same goes if i attempt to run
> openssl s_client -connect <target>:443 

This basically makes monitoring impossible at this time,
Any idea how to remedy this situation ?

i attached a textfile with sample domains as extracted from the
certificate's "Certificate Subject alt name"
it's reproducible on any target as long as it's online

openssl version
> OpenSSL 1.0.1k 8 Jan 2015


dpkg -l openssl
> ii  openssl                     1.0.1k-3+deb8u1    amd64              Secure Sockets Layer toolkit - cryptographic utility

tried also to compile the newest one from openssl.org and use it, same
problem.
-------------- next part --------------
*.bluusun.com
*.coridonculturevoyages.com
*.filelist.ro
*.flro.org
*.footsy.ml
*.futurete.pt
*.howtowork.ru
*.indiviser.ru
*.jungs.ru
*.linica.ru
*.metafront.ru
*.mightytravels.com
*.segabite.ru
*.shrine.moe
*.soundgreat.ru
*.supersadovod.ru
*.tactum.ru
*.theonlyjoy.ru
*.wakarimasenlol.com
bluusun.com
coridonculturevoyages.com
filelist.ro
flro.org
footsy.ml
futurete.pt
howtowork.ru
indiviser.ru
jungs.ru
linica.ru
metafront.ru
mightytravels.com
segabite.ru
shrine.moe
soundgreat.ru
supersadovod.ru
tactum.ru
theonlyjoy.ru
wakarimasenlol.com
*.alvimu.ga
*.bellowusersyp10.cf
*.blankorientalvr40.ga
*.carterjk.com
*.dualmountingbg66.ml
*.improverespectedml51.gq
*.lovableshooterfm10.gq
*.mutesnoutedof56.ml
*.muztube.com
*.oberonrarean96.gq
*.paristravelbook.net
*.prospectusnebulamj12.ml
*.quarkrollesyp10.ga
*.travelstokyo.net
*.triple.ph
*.triple.site
*.vomeratomzj61.ga
*.waxmanassociates.com
*.werremeyer.com
alvimu.ga
bellowusersyp10.cf
blankorientalvr40.ga
carterjk.com
dualmountingbg66.ml
improverespectedml51.gq
lovableshooterfm10.gq
mutesnoutedof56.ml
muztube.com
oberonrarean96.gq
paristravelbook.net
prospectusnebulamj12.ml
quarkrollesyp10.ga
travelstokyo.net
triple.ph
triple.site
vomeratomzj61.ga
waxmanassociates.com
werremeyer.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3709 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20150915/29c99900/attachment-0001.bin>

More information about the openssl-users mailing list