Zabbix Documentation 5.0

3.04.05.0 (current)| In development:5.2 (devel)| Unsupported:1.82.02.22.43.23.44.24.4Guidelines

User Tools

Site Tools


manual:encryption:troubleshooting:psk_problems

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Previous revision
Last revision Both sides next revision
manual:encryption:troubleshooting:psk_problems [2019/03/14 09:11]
manual:encryption:troubleshooting:psk_problems [2019/12/03 08:50]
martins-v describing instance of psk value too long
Line 1: Line 1:
 +==== 3 PSK problems ====
  
 +=== PSK contains an odd number of hex-digits ===
 +
 +Proxy or agent does not start, message in the proxy or agent log:
 +  invalid PSK in file "/​home/​zabbix/​zabbix_proxy.psk"​
 +
 +=== PSK identity string longer than 128 bytes is passed to GnuTLS ===
 +
 +In TLS client side log:
 +  gnutls_handshake() failed: -110 The TLS connection was non-properly terminated.
 +
 +In TLS server side log.
 +  gnutls_handshake() failed: -90 The SRP username supplied is illegal.
 +
 +=== PSK longer than 32 bytes is passed to mbed TLS (PolarSSL) ===
 +
 +In any Zabbix log:
 +  ssl_set_psk():​ SSL - Bad input parameters to function
 +
 +=== Too long PSK value used with OpenSSL 1.1.1 ===
 +
 +In connecting-side log:
 +  ...OpenSSL library (version OpenSSL 1.1.1  11 Sep 2018) initialized
 +  ...
 +  ...In zbx_tls_connect():​ psk_identity:"​PSK 1"
 +  ...zbx_psk_client_cb() requested PSK identity "PSK 1"
 +  ...End of zbx_tls_connect():​FAIL error:'​SSL_connect() set result code to SSL_ERROR_SSL:​ file ssl\statem\extensions_clnt.c line 801: error:​14212044:​SSL routines:​tls_construct_ctos_early_data:​internal error: TLS write fatal alert "​internal error"'​
 +  ​
 +In accepting-side log:
 +  ...Message from 123.123.123.123 is missing header. Message ignored.
 +
 +This problem typically arises when upgrading OpenSSL from 1.0.x or 1.1.0 to 1.1.1 and if the PSK value is longer than 512-bit (64-byte PSK, entered as 128 hexadecimal digits).
 +
 +See also: [[:​manual/​encryption/​using_pre_shared_keys#​size_limits|Value size limits]]