[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ssl: unsafe legacy renegotiation
|
From: |
Jan-Henrik Haukeland |
|
Subject: |
Re: ssl: unsafe legacy renegotiation |
|
Date: |
Thu, 9 Feb 2023 14:51:03 +0100 |
Google the error and solution. Either update SSL on the cable modem “server” if
you can or modify Monit (the client) yourself.
> On 9 Feb 2023, at 14:29, sashk via This is the general mailing list for monit
> <monit-general@nongnu.org> wrote:
>
> Hello,
>
> I have a very old device, which I cannot replace, but would like to monitor.
> It uses TLSv1 for SSL and I’d like to check that it is online by querying its
> https port. I have following check:
>
> check host cable_modem with address 192.168.1.1
> if failed port 443 protocol https status = 200 with ssl options {version:
> TLSV1, verify: disable} for 2 cycles then alert
>
> But when monit checks, it reports following error:
>
> failed protocol test [HTTP] at [192.168.1.1]:443 [TCP/IP TLS] -- SSL
> connection error: error:0A000152:SSL routines::unsafe legacy renegotiation
> disabled
>
> Is there a way to allow unsafe legacy renegotiation only for this particular
> check? It seems re-configuring OpenSSL it is possible to do systemwide, but I
> would like to avoid doing so.
>
> Thanks in advance