Zabbix Documentation 3.0

2.23.04.04.2 (current)In development:4.4 (devel)Unsupported:1.82.02.43.23.4

User Tools

Site Tools


manual:encryption:troubleshooting:connection_permission_problems

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
manual:encryption:troubleshooting:connection_permission_problems [2018/08/09 08:07]
martins-v autonumbering removal
manual:encryption:troubleshooting:connection_permission_problems [2019/04/08 09:15] (current)
martins-v formatting change
Line 31: Line 31:
       file .\ssl\s3_srvr.c line 1411: error:​1408A0C1:​SSL routines:​ssl3_get_client_hello:​no shared cipher:\       file .\ssl\s3_srvr.c line 1411: error:​1408A0C1:​SSL routines:​ssl3_get_client_hello:​no shared cipher:\
       TLS write fatal alert "​handshake failure"​       TLS write fatal alert "​handshake failure"​
 +
 +=== Attempting to use Zabbix sender compiled with TLS support to send data to Zabbix server/​proxy compiled without TLS ===
 +
 +== In connecting-side log: ==
 +Linux:
 +  ...In zbx_tls_init_child()
 +  ...OpenSSL library (version OpenSSL 1.1.1  11 Sep 2018) initialized
 +  ...
 +  ...In zbx_tls_connect():​ psk_identity:"​PSK test sender"​
 +  ...End of zbx_tls_connect():​FAIL error:'​connection closed by peer'
 +  ...send value error: TCP successful, cannot establish TLS to [[localhost]:​10051]:​ connection closed by peer
 +
 +Windows:
 +  ...OpenSSL library (version OpenSSL 1.1.1a ​ 20 Nov 2018) initialized
 +  ...
 +  ...In zbx_tls_connect():​ psk_identity:"​PSK test sender"​
 +  ...zbx_psk_client_cb() requested PSK identity "PSK test sender"​
 +  ...End of zbx_tls_connect():​FAIL error:'​SSL_connect() I/O error: [0x00000000] The operation completed successfully.'​
 +  ...send value error: TCP successful, cannot establish TLS to [[192.168.1.2]:​10051]:​ SSL_connect() I/O error: [0x00000000] The operation completed successfully.
 +
 +== In accepting-side log: ==
 +  ...failed to accept an incoming connection: from 127.0.0.1: support for TLS was not compiled in
 +  ​
 +=== One side connects with PSK but other side uses LibreSSL or has been compiled without encryption support ===
 +
 +LibreSSL does not support PSK.
 +
 +In connecting-side log:
 +  ...TCP successful, cannot establish TLS to [[192.168.1.2]:​10050]:​ SSL_connect() I/O error: [0] Success
 +
 +In accepting-side log:
 +  ...failed to accept an incoming connection: from 192.168.1.2:​ support for PSK was not compiled in
 +
 +In Zabbix frontend:
 +  Get value from agent failed: TCP successful, cannot establish TLS to [[192.168.1.2]:​10050]:​ SSL_connect() I/O error: [0] Success
 +
 +=== One side connects with PSK but other side uses OpenSSL with PSK support disabled ===
 +
 +In connecting-side log:
 +  ...TCP successful, cannot establish TLS to [[192.168.1.2]:​10050]:​ SSL_connect() set result code to SSL_ERROR_SSL:​ file ../​ssl/​record/​rec_layer_s3.c line 1536: error:​14094410:​SSL routines:​ssl3_read_bytes:​sslv3 alert handshake failure: SSL alert number 40: TLS read fatal alert "​handshake failure"​
 +
 +In accepting-side log:
 +  ...failed to accept an incoming connection: from 192.168.1.2:​ TLS handshake set result code to 1: file ssl/​statem/​statem_srvr.c line 1422: error:​1417A0C1:​SSL routines:​tls_post_process_client_hello:​no shared cipher: TLS write fatal alert "​handshake failure"​