Ad Widget

Collapse

VMWARE 5.5 SSL Connect Error

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • puz27
    Junior Member
    • May 2020
    • 8
    #1

    VMWARE 5.5 SSL Connect Error

    Hello friends! I have some problem with monitoring vmware (5.5).
    I used zabbix 4.4 version and can not configire it to see my virtual environment.
    I have error SSL Connect Error

    So.What i have made.

    1.Used this manual
    https://www.zabbix.com/documentation.../vm_monitoring

    2.Used https://150.31.31.31/sdk and try to use https://name/sdk

    3.This page https://150.31.31.31/sdk/vimService.wsdl get me information.

    So, how i understand problem with SSL.

    If i do -> curl -k -v -u [email protected] https://150.31.31.31/sdk from zabbix server i see this:

    HTML Code:
    Enter host password for user '[email protected]':
* Expire in 0 ms for 6 (transfer 0x5653f01e4dc0)
* Trying 150.31.31.31...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x5653f01e4dc0)
* Connected to 150.31.31.31 (150.31.31.31) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: none
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS alert, protocol version (582):
* error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
* Closing connection 0
curl: (35) error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
root@zabbix:/home/user# curl --version
curl 7.64.0 (x86_64-pc-linux-gnu) libcurl/7.64.0 OpenSSL/1.1.1d zlib/1.2.11 libidn2/2.0.5 libpsl/0.20.2 (+libidn2/2.0.5) libssh2/1.8.0 nghttp2/1.36.0 librtmp/2.3
Release-Date: 2019-02-06
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp scp sftp smb smbs smtp smtps telnet tftp
Features: AsynchDNS IDN IPv6 Largefile GSS-API Kerberos SPNEGO NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy PSL
    Last edited by puz27; 22-05-2020, 15:15.
    Tags: None
    • tim.mooney
      Senior Member
      • Dec 2012
      • 1427
      #2
      Both Zabbix and curl/libcurl depend upon an underlying library for their TLS support. In this case, that's openssl.

      Your Zabbix server has a relatively recent version of openssl. Either curl or perhaps OpenSSL is by default only trying very recent versions of the TLS protocol. Probably TLS1.2 and TLS1.3, but I don't know for certain.

      Your VMWare environment (5.5), on the other hand, is not recent, it's quite old. The web server that you're connecting to there is probably offering only much older protocol versions. Possibly SSLv3 and maybe TLS 1.0.

      For a client and a server to be able to negotiate an encrypted connection, they need to be able to agree on several things, including which version of the protocol to use and which cipher. If they can't agree on a protocol version to use, the connection will fail.

      You might be able to use command line flags or a configuration file with curl to get it to try older versions of the TLS protocol, but ultimately the OpenSSL libraries may place restrictions on how "old" a version of the protocol they will speak. Note that these are often security decisions that are made by your distribution, so even if OpenSSL version 1.1.1d by default supports old versions of TLS, your distribution may have compiled it to remove those old versions, to force more secure protocol versions.

        Comment

        • puz27
          Junior Member
          • May 2020
          • 8
          #3
          Thank you! Thank you! How i undestand you solved my problems. I changed version TLS on 1.0 . How i see zabbix can connect. Now i am testing......

            Comment

            • San4ez39
              Junior Member
              • Dec 2020
              • 12
              #4
              Can you give a hint on how you enabled TLS v1? I have same problem, but newer zabbix and older VMWare (5.0.0) - so i wonder if i still can do it..

                Comment

                • ToineToine
                  Junior Member
                  • Feb 2021
                  • 3
                  #5
                  I try to delete this comment
                  Last edited by ToineToine; 11-03-2021, 19:55. Reason: I try to delete this comment

                    Comment

                    Previous template Next
                    Working...