Hi,
I'm using webinject to check an https website.
The test case consists of 10 steps. The response times of all steps are plotted into graphs.
The output was always OK till the moment we implemented the Poodle fix on the https website.
Now sometimes the check fails, but not always. It occurs randomly.
I tried different solutions but none of them fixed the issue.
Tried the following:
1) created a cert bundle of all certificates used with the https website and modified the webinject script to use this bundle
    $ENV{HTTPS_CA_FILE} = "/usr/local/nagios/libexec/ca-bundle.crt";
2) modified the webinject script to use TLSv1.2 (I found out that using the settings below the total response time decreased by around 200 ms, no clue why)
Added the following:
    use IO::Socket::SSL;
    use Net::SSLeay;
    my $context = new IO::Socket::SSL::SSL_Context(
        SSL_version     => 'TLSv1.2',
        SSL_verify_mode => Net::SSLeay::VERIFY_NONE(),
    );
    IO::Socket::SSL::set_default_context($context);
3) modified the webinject script to use TLSv1
Added the following:
    use IO::Socket::SSL;
    use Net::SSLeay;
    my $context = new IO::Socket::SSL::SSL_Context(
        SSL_version     => 'TLSv1',
        SSL_verify_mode => Net::SSLeay::VERIFY_NONE(),
    );
    IO::Socket::SSL::set_default_context($context);
4) modified the webinject script to use SSLv3 (when I use this setting it does not work at all) -> error:
    500 Can't connect to fake.fake.nl:443 (SSL connect attempt failed with unknown errorerror:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number)
Added the following:
    use IO::Socket::SSL;
    use Net::SSLeay;
    my $context = new IO::Socket::SSL::SSL_Context(
        SSL_version     => 'SSLv3',
        SSL_verify_mode => Net::SSLeay::VERIFY_NONE(),
    );
    IO::Socket::SSL::set_default_context($context);
The error I sometimes get when I use the default webinject script:
500 SSL negotiation failed: error:1406D0CB:SSL routines:GET_SERVER_HELLO:peer error no cipher
The error I sometimes get when I use the modified webinject script:
    500 Can't connect to fake.fake.nl:443 (SSL connect attempt failed because of handshake problemserror:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure)
Any help would be very much appreciated.
Thx.
Dirk
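
Added example, not part of the original post: a small Python decoder for the OpenSSL error strings quoted above, which unpacks each 8-digit code into library, function and reason numbers, flags reasons that correspond to a TLS alert received from the peer, and tallies failures across check runs. It assumes the pre-3.0 OpenSSL error-code layout; the names `decode` and `tally` are this example's own.

```python
import re
from collections import Counter

# Pre-3.0 OpenSSL packs an error code as lib (8 bits) | func (12 bits) | reason (12 bits).
ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):([^)\n]*)")
ERR_LIB_SSL = 20             # library number of "SSL routines"
SSL_AD_REASON_OFFSET = 1000  # reason = 1000 + alert number when the peer sent a TLS alert
TLS_ALERTS = {40: "handshake_failure", 70: "protocol_version",
              71: "insufficient_security", 86: "inappropriate_fallback"}

# The three error lines quoted in the post above.
SAMPLE_LINES = [
    "500 Can't connect to fake.fake.nl:443 (SSL connect attempt failed with unknown "
    "errorerror:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number)",
    "500 Can't connect to fake.fake.nl:443 (SSL connect attempt failed because of handshake "
    "problemserror:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure)",
    "500 SSL negotiation failed: error:1406D0CB:SSL routines:GET_SERVER_HELLO:"
    "peer error no cipher",
]

def decode(line):
    """Return the decoded fields of the first OpenSSL error in line, or None."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason >= SSL_AD_REASON_OFFSET:
        number = reason - SSL_AD_REASON_OFFSET
        alert = TLS_ALERTS.get(number, "alert_%d" % number)
    return {"lib": lib, "func": func, "reason": reason,
            "function": m.group(3), "text": m.group(4).strip(), "peer_alert": alert}

def tally(lines):
    """Count failures per (function, reason text), ignoring lines without an error code."""
    return Counter((d["function"], d["text"]) for d in map(decode, lines) if d)

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        print(decode(line))
    print(tally(SAMPLE_LINES))
```

A non-empty `peer_alert` means the server sent the alert and ended the handshake, so the server or load balancer logs for the same timestamp are the next place to look.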