Date: Tue, 14 Apr 2020 11:58:05 +0200 From: Per olof Ljungmark <peo@nethead.se> To: ports@freebsd.org Subject: openssl problem after 11 -> 12 Message-ID: <1b820dcf-34ad-b7af-d25c-ea337f9376b2@nethead.se>
next in thread | raw e-mail | index | archive | help
Hello, After upgrading our Nagios host, I can no longer get status from our older HP servers with iLO3. Using a perl script, check_ilo2_health.pl, this stopped working due to lack of support of older ciphers in base openssl. So far, I installed openssl from ports and enabled the weak ciphers, adjusted /etc/make.conf for DEFAULT_VERSIONS+= ssl=openssl, have rebuilt perl and perl modules, curl and a few more. Still, I get curl -v --insecure --tlsv1.1 -v https://<iLO3 IP> * Trying <iLO3 IP>:443... * Connected to <iLO3 IP> port 443 (#0) * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /usr/local/share/certs/ca-root-nss.crt CApath: none * TLSv1.3 (OUT), TLS handshake, Client hello (1): * TLSv1.3 (IN), TLS alert, handshake failure (552): * error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure * Closing connection 0 curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure I am at loss right now on how I could teach the FBSD-12 system to use the older ciphers, it still works fine from 11. Thanks for hints.. Per
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1b820dcf-34ad-b7af-d25c-ea337f9376b2>