Zabbix Documentation 4.2

3.04.05.0 (current)| In development:5.2 (devel)| Unsupported:1.82.02.22.43.23.44.24.4Guidelines

User Tools

Site Tools


manual:encryption:troubleshooting:psk_problems

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
manual:encryption:troubleshooting:psk_problems [2019/03/14 09:17]
viktors.tjarve added Using Zabbix sender compiled with TLS support...
manual:encryption:troubleshooting:psk_problems [2019/03/14 09:26]
Line 1: Line 1:
-==== 3 PSK problems ==== 
  
-=== PSK contains an odd number of hex-digits === 
- 
-Proxy or agent does not start, message in the proxy or agent log: 
-  invalid PSK in file "/​home/​zabbix/​zabbix_proxy.psk"​ 
- 
-=== PSK identity string longer than 128 bytes is passed to GnuTLS === 
- 
-In TLS client side log: 
-  gnutls_handshake() failed: -110 The TLS connection was non-properly terminated. 
- 
-In TLS server side log. 
-  gnutls_handshake() failed: -90 The SRP username supplied is illegal. 
- 
-=== PSK longer than 32 bytes is passed to mbed TLS (PolarSSL) === 
- 
-In any Zabbix log: 
-  ssl_set_psk():​ SSL - Bad input parameters to function 
- 
-=== Too long PSK value used with OpenSSL 1.1.1 === 
- 
-In connecting-side log: 
-  ...OpenSSL library (version OpenSSL 1.1.1  11 Sep 2018) initialized 
-  ... 
-  ...In zbx_tls_connect():​ psk_identity:"​PSK 1" 
-  ...zbx_psk_client_cb() requested PSK identity "PSK 1" 
-  ...End of zbx_tls_connect():​FAIL error:'​SSL_connect() set result code to SSL_ERROR_SSL:​ file ssl\statem\extensions_clnt.c line 801: error:​14212044:​SSL routines:​tls_construct_ctos_early_data:​internal error: TLS write fatal alert "​internal error"'​ 
-  ​ 
-In accepting-side log: 
-  ...Message from 123.123.123.123 is missing header. Message ignored. 
- 
-=== Using Zabbix sender compiled with TLS support to send data to Zabbix server/​proxy compiled without TLS === 
- 
-In connecting-side log: 
-  ...In zbx_tls_init_child() 
-  ...OpenSSL library (version OpenSSL 1.1.1  11 Sep 2018) initialized 
-  ... 
-  ...In zbx_tls_connect():​ psk_identity:"​PSK test sender"​ 
-  ...End of zbx_tls_connect():​FAIL error:'​connection closed by peer' 
-  ...send value error: TCP successful, cannot establish TLS to [[localhost]:​10051]:​ connection closed by peer 
- 
-In accepting-side log: 
-  ...failed to accept an incoming connection: from 127.0.0.1: support for TLS was not compiled in 
- 
-See also: [[:​manual/​encryption/​using_pre_shared_keys#​size_limits|Value size limits]]