Hi,
if I select a remote backend_id in create object menu, I get the following error message:
Failed to get objects: Unable to connect to the in backend : stream_socket_client(): SSL operation failed with code 1. OpenSSL Error messages: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version stream_socket_client(): Failed to enable crypto stream_socket_client(): unable to connect to tls://slavehost:6559 (Unknown error)
I made a wireshark trace and I found out, netvis tries a connection with TLS1 instead of TLS1.2 which is configured default in checkmk livestatus.
Installed versions:
check_mk raw 1.6.0p19
Red Hat Enterprise Linux Server 7.8 (Maipo)
php.x86_64 5.4.16-48.el7 (standard on RHEL7)
We have also experienced this issue when we recently deployed some Nagvis Maps on our CMK servers.
After searching for a solution on the Web for some time, the work-around was for us to re-enable
TLS 1 support in the CheckMK stunnel server.conf on the slave nodes.
eg: vim $OMD_ROOT/etc/stunnel/server.conf
We commented out the original sslVersion line #sslVersion = TLSv1.2
And added the following to permit only TLS v1 and TLS v1.2 (or later).
This topic was automatically closed 365 days after the last reply. New replies are no longer allowed. Contact @fayepal if you think this should be re-opened.