1 SSL alert number 47: TLS read fatal alert "illegal parameter"

  • urbanite
    Junior Member
    • Oct 2019
    • 2

    #1

    Hi all,

    I'm new to zabbix and currently testing it as a replacement for Nagios. I've got the server running on Debian 10 and two hosts, one on Debian 10 and the other on Windows 2016.

    Unfortunately I keep getting an intermittent error when using PSK for encryption between server-agent, see below.

    Code:
    Get value from agent failed: TCP successful, cannot establish TLS to [[xxx.xxx.xxx.xxx]:10050]: SSL_connect() set result code to SSL_ERROR_SSL: file ../ssl/record/rec_layer_s3.c line 1544: error:14094417:SSL routines:ssl3_read_bytes:sslv3 alert illegal parameter: SSL alert number 47: TLS read fatal alert "illegal parameter"
    My agent config is as below...



    Code:
    PidFile=/var/run/zabbix/zabbix_agentd.pid
    LogFile=/var/log/zabbix/zabbix_agentd.log
    LogFileSize=0
    Server=xxx.xxx.xxx.xxx
    ListenPort=10050
    ServerActive= xxx.xxx.xxx.xxx
    Hostname=server01
    Include=/etc/zabbix/zabbix_agentd.d/*.conf

    ####### TLS-RELATED PARAMETERS #######
    TLSConnect=psk
    TLSAccept=psk
    TLSPSKFile=/etc/zabbix/zabbix_agentd.psk
    TLSPSKIdentity=PSK001


    Reading up Any help is much appreciated!
  • urbanite
    Junior Member
    • Oct 2019
    • 2

    #2
    Resolved the issue...

    The documentation for Zabbix suggests creating a 32B/256b PSK with
    Code:
    openssl rand -hex 32 > /etc/zabbix/zabbix_agentd.psk
    However when I generated a 64B/512b PSK everything worked fine.
    Code:
    openssl rand -hex 64 > /etc/zabbix/zabbix_agentd.psk

    • scoute
      Junior Member
      • Jul 2020
      • 1

      #3
      Same problem .. Resolved!

      If I change only the PSK key, it will not work.

      I changed psk_id from PSK 001 to PSK 002 as well and it worked.

      You cannot have 2 different keys with the same name in the same zabbix-server.
      Last edited by scoute; 24-11-2020, 13:47.

      • yurtesen
        Senior Member
        • Aug 2008
        • 130

        #4
        urbanite did you try again
        Code:
        openssl rand -hex 32 > /etc/zabbix/zabbix_agentd.psk
        There is sometimes a delay between when this is set and when it is effective, or maybe different strings were used accidentally between server and client. I bet if you try it now, you will see that a 32-byte string also works. Well, it works for me at least.

        • koflert
          Junior Member
          • Aug 2024
          • 5

          #5
          Also solved my issue with exactly that error message, running Zabbix 7.03 and Agent2.
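
One way to test the explanations offered in this thread (a malformed key file, different strings on server and agent, one identity reused with two keys), as an added example that is not from any poster or from Zabbix. The 32 to 512 hex-digit limit comes from the Zabbix documentation; the function names and the tab-separated `host`, `identity`, `fingerprint` inventory format are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed limits (Zabbix docs): a PSK is
# 32..512 hex digits (128..2048 bit); identity and key must match on both ends.

# psk_normalize FILE: print the key with whitespace removed and lowercased.
psk_normalize() {
    tr -d ' \t\r\n' < "$1" | tr 'A-F' 'a-f'
}

# psk_check FILE: return 0 if the file holds a usable PSK, else say why not.
psk_check() {
    key=$(psk_normalize "$1")
    len=${#key}
    case $key in
        ''|*[!0-9a-f]*) echo "$1: not a pure hex string" >&2; return 1 ;;
    esac
    if [ "$len" -lt 32 ] || [ "$len" -gt 512 ]; then
        echo "$1: $len hex digits, expected 32..512" >&2; return 1
    fi
    if [ $((len % 2)) -ne 0 ]; then
        echo "$1: odd number of hex digits" >&2; return 1
    fi
    return 0
}

# psk_fingerprint FILE: SHA-256 of the normalized key. Compare this value with
# the fingerprint of the string entered on the server instead of comparing keys.
psk_fingerprint() {
    psk_check "$1" || return 1
    psk_normalize "$1" | sha256sum | cut -d' ' -f1
}

# psk_conflicts: read tab-separated "host identity fingerprint" lines on stdin
# and print every identity that appears with more than one distinct key.
psk_conflicts() {
    awk -F'\t' '{ if (($2 in fp) && fp[$2] != $3) bad[$2] = 1; else fp[$2] = $3 }
                END { for (id in bad) print id }' | sort
}
```

Run `psk_fingerprint /etc/zabbix/zabbix_agentd.psk` on the agent and compare it with the fingerprint of the key configured for that host on the server; feed one line per host into `psk_conflicts` to find an identity such as `PSK001` that is bound to two different keys.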
