Zabbix Documentation 4.2

3.04.05.0 (current)| In development:5.2 (devel)| Unsupported:1.82.02.22.43.23.44.24.4Guidelines

User Tools

Site Tools


manual:encryption:troubleshooting:psk_problems

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Previous revision
Last revision Both sides next revision
manual:encryption:troubleshooting:psk_problems [2018/11/28 08:41]
manual:encryption:troubleshooting:psk_problems [2019/03/14 09:17]
viktors.tjarve added Using Zabbix sender compiled with TLS support...
Line 1: Line 1:
 +==== 3 PSK problems ====
  
 +=== PSK contains an odd number of hex-digits ===
 +
 +Proxy or agent does not start, message in the proxy or agent log:
 +  invalid PSK in file "/​home/​zabbix/​zabbix_proxy.psk"​
 +
 +=== PSK identity string longer than 128 bytes is passed to GnuTLS ===
 +
 +In TLS client side log:
 +  gnutls_handshake() failed: -110 The TLS connection was non-properly terminated.
 +
 +In TLS server side log.
 +  gnutls_handshake() failed: -90 The SRP username supplied is illegal.
 +
 +=== PSK longer than 32 bytes is passed to mbed TLS (PolarSSL) ===
 +
 +In any Zabbix log:
 +  ssl_set_psk():​ SSL - Bad input parameters to function
 +
 +=== Too long PSK value used with OpenSSL 1.1.1 ===
 +
 +In connecting-side log:
 +  ...OpenSSL library (version OpenSSL 1.1.1  11 Sep 2018) initialized
 +  ...
 +  ...In zbx_tls_connect():​ psk_identity:"​PSK 1"
 +  ...zbx_psk_client_cb() requested PSK identity "PSK 1"
 +  ...End of zbx_tls_connect():​FAIL error:'​SSL_connect() set result code to SSL_ERROR_SSL:​ file ssl\statem\extensions_clnt.c line 801: error:​14212044:​SSL routines:​tls_construct_ctos_early_data:​internal error: TLS write fatal alert "​internal error"'​
 +  ​
 +In accepting-side log:
 +  ...Message from 123.123.123.123 is missing header. Message ignored.
 +
 +=== Using Zabbix sender compiled with TLS support to send data to Zabbix server/​proxy compiled without TLS ===
 +
 +In connecting-side log:
 +  ...In zbx_tls_init_child()
 +  ...OpenSSL library (version OpenSSL 1.1.1  11 Sep 2018) initialized
 +  ...
 +  ...In zbx_tls_connect():​ psk_identity:"​PSK test sender"​
 +  ...End of zbx_tls_connect():​FAIL error:'​connection closed by peer'
 +  ...send value error: TCP successful, cannot establish TLS to [[localhost]:​10051]:​ connection closed by peer
 +
 +In accepting-side log:
 +  ...failed to accept an incoming connection: from 127.0.0.1: support for TLS was not compiled in
 +
 +See also: [[:​manual/​encryption/​using_pre_shared_keys#​size_limits|Value size limits]]