webinject ssl connect errors


dirk385

Dec 30, 2014, 8:40:49 AM
to webi...@googlegroups.com
Hi,

I'm using webinject to check an https website.
The test case concerns 10 steps. The response times of all steps are plotted into graphs.

The output was always OK till the moment we implemented the Poodle fix on the https website.

Now sometimes the check fails, but not always. It occurs randomly.

I tried different solutions but none of them fixed the issue.

Tried the following:

1) Created a cert bundle of all certificates used with the https website and modified the webinject script to use this bundle:
$ENV{HTTPS_CA_FILE}= "/usr/local/nagios/libexec/ca-bundle.crt";

2) Modified the webinject script to use TLSv1.2 (I found out that using the settings below the total response time was decreased by around 200 ms, no clue why).
Added the following:
use IO::Socket::SSL;
use Net::SSLeay;

my $context = new IO::Socket::SSL::SSL_Context(
  SSL_version => 'TLSv1.2',
  SSL_verify_mode => Net::SSLeay::VERIFY_NONE(),
  );
IO::Socket::SSL::set_default_context($context);

3) Modified the webinject script to use TLSv1.
Added the following:
use IO::Socket::SSL;
use Net::SSLeay;

my $context = new IO::Socket::SSL::SSL_Context(
  SSL_version => 'TLSv1',
  SSL_verify_mode => Net::SSLeay::VERIFY_NONE(),
  );
IO::Socket::SSL::set_default_context($context);

4) Modified the webinject script to use SSLv3 (when I use this setting it does not work at all) -> error 500 Can't connect to fake.fake.nl:443 (SSL connect attempt failed with unknown errorerror:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number)

Added the following:
use IO::Socket::SSL;
use Net::SSLeay;

my $context = new IO::Socket::SSL::SSL_Context(
  SSL_version => 'SSLv3',
  SSL_verify_mode => Net::SSLeay::VERIFY_NONE(),
  );
IO::Socket::SSL::set_default_context($context);

The error I sometimes get when I use the default webinject script:
500 SSL negotiation failed: error:1406D0CB:SSL routines:GET_SERVER_HELLO:peer error no cipher

The error I sometimes get when I use the modified webinject script:
500 Can't connect to fake.fake.nl:443 (SSL connect attempt failed because of handshake problemserror:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure)

Any help would be greatly appreciated.

Thx.

Dirk

dirk385

Dec 30, 2014, 9:05:35 AM
to webi...@googlegroups.com
Based on the error "500 Can't connect to fake.fake.nl:443 (SSL connect attempt failed because of handshake problemserror:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure)" it looks like it sometimes uses SSLv3. This explains the above error.

Important question: why does it randomly use SSLv3? In the script I set it up to use TLSv1.
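
Added example, not part of the original posts: a small decoder for the packed OpenSSL error codes quoted in this thread, useful when triaging intermittent handshake failures from monitoring logs. It assumes the OpenSSL 1.0.x code layout (8-bit library, 12-bit function, 12-bit reason) and that libssl reasons of 1000 or more are 1000 plus the number of an alert sent by the peer; the function names and the alert table are this example's own.

```python
import re

# Constructed sample: the three error strings quoted in the thread.
SAMPLES = [
    "500 SSL negotiation failed: error:1406D0CB:SSL routines:GET_SERVER_HELLO:peer error no cipher",
    "500 Can't connect to fake.fake.nl:443 (SSL connect attempt failed because of handshake "
    "problemserror:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure)",
    "500 Can't connect to fake.fake.nl:443 (SSL connect attempt failed with unknown "
    "errorerror:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number)",
]

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")
ERR_LIB_SSL = 20             # OpenSSL library number for libssl
SSL_AD_REASON_OFFSET = 1000  # reason = 1000 + alert number when the peer sent an alert

# Alert numbers from RFC 5246 section 7.2 and RFC 7507 (subset).
ALERT_NAMES = {
    40: "handshake_failure",
    47: "illegal_parameter",
    70: "protocol_version",
    71: "insufficient_security",
    80: "internal_error",
    86: "inappropriate_fallback",
}

def decode_openssl_error(message):
    """Split a packed OpenSSL 1.0.x error code into lib/func/reason (assumed layout)."""
    match = ERR_RE.search(message)
    if match is None:
        return None
    code = int(match.group(1), 16)
    result = {"lib": code >> 24, "func": (code >> 12) & 0xFFF,
              "reason": code & 0xFFF, "peer_alert": None}
    if result["lib"] == ERR_LIB_SSL and result["reason"] >= SSL_AD_REASON_OFFSET:
        number = result["reason"] - SSL_AD_REASON_OFFSET
        result["peer_alert"] = ALERT_NAMES.get(number, "alert_%d" % number)
    return result

def summarize(messages):
    """Count failures by (reason, peer_alert) so intermittent causes can be compared."""
    counts = {}
    for message in messages:
        info = decode_openssl_error(message)
        key = ("undecoded",) if info is None else (info["reason"], info["peer_alert"])
        counts[key] = counts.get(key, 0) + 1
    return counts

if __name__ == "__main__":
    for line in SAMPLES:
        print(decode_openssl_error(line))
```

Reason 1040 in error 14094410 decodes to alert 40 (handshake_failure) sent by the server; the "sslv3 alert" prefix is OpenSSL's name for that alert and does not by itself show which protocol version the client offered.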