ssl: unsafe legacy renegotiation

monit-general

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

ssl: unsafe legacy renegotiation

From:	sashk
Subject:	ssl: unsafe legacy renegotiation
Date:	Thu, 9 Feb 2023 08:29:27 -0500

Hello,

I have a very old device, which I cannot replace, but would like to monitor. It uses TLSv1 for SSL and I’d like to check that it is online by querying its https port. I have following check:

check host cable_modem with address 192.168.1.1

    if failed port 443 protocol https status = 200 with ssl options {version: TLSV1, verify: disable} for 2 cycles then alert

But when monit checks, it reports following error:

failed protocol test [HTTP] at [192.168.1.1]:443 [TCP/IP TLS] -- SSL connection error: error:0A000152:SSL routines::unsafe legacy renegotiation disabled

Is there a way to allow unsafe legacy renegotiation only for this particular check? It seems re-configuring OpenSSL it is possible to do systemwide, but I would like to avoid doing so.

Thanks in advance

[Prev in Thread]

Current Thread

[Next in Thread]

ssl: unsafe legacy renegotiation, sashk <=
- Re: ssl: unsafe legacy renegotiation, Jan-Henrik Haukeland, 2023/02/09
  - Re: ssl: unsafe legacy renegotiation, sashk, 2023/02/09
    - RE: ssl: unsafe legacy renegotiation, Rory Toma, 2023/02/09
    - Re: ssl: unsafe legacy renegotiation, SZÉPE Viktor, 2023/02/09
    - Re: ssl: unsafe legacy renegotiation, address@hidden, 2023/02/09
    - Re: ssl: unsafe legacy renegotiation, address@hidden, 2023/02/09

Next by Date: Re: ssl: unsafe legacy renegotiation
Next by thread: Re: ssl: unsafe legacy renegotiation
Index(es):
- Date
- Thread