Hi,
I'm new with zabbix implementation, in my environment I'm using VM Ware ESXi 5.1 and I can't update this. I'm trying to add this ESXi into Zabbix but I'm always receiving error 'SSL Connection Error'.
Someone know if Zabbix works with TLS 1.0 because my VMWare is old and accept connection with 1.0 I tried to connection using Curl and TLS 1.0 works well but If I put TLS 1.2 or TLS 1.3 doesn't work follow the commands and returns:
Can you help me with solve it? I trying understand if Zabbix accept TLS 1.0 and how to force use this TLS version because my old VMWare.
Thanks a lot.
I'm new with zabbix implementation, in my environment I'm using VM Ware ESXi 5.1 and I can't update this. I'm trying to add this ESXi into Zabbix but I'm always receiving error 'SSL Connection Error'.
Someone know if Zabbix works with TLS 1.0 because my VMWare is old and accept connection with 1.0 I tried to connection using Curl and TLS 1.0 works well but If I put TLS 1.2 or TLS 1.3 doesn't work follow the commands and returns:
[root@localhost ~]# curl -k -v -k --insecure --tlsv1 -u [email protected] https://IPHOST/sdk
Enter host password for user '[email protected]':
..................
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CONNECT phase completed!
* CONNECT phase completed!
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.0 (IN), TLS handshake, Certificate (11):
* TLSv1.0 (IN), TLS handshake, Server finished (14):
* TLSv1.0 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.0 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.0 (OUT), TLS handshake, Finished (20):
* TLSv1.0 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.0 / AES256-SHA
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=US; ST=California; L=Palo Alto; O=VMware, Inc; OU=VMware ESX Server Default Certificate; [email protected]; CN=localhost.localdomain; unstructuredName=1387372133,564d7761726520496e632e
* start date: Dec 18 13:08:54 2013 GMT
* expire date: Jun 18 13:08:54 2025 GMT
* issuer: O=VMware Installer
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Server auth using Basic with user '[email protected]'
> GET /sdk HTTP/1.1
> Host: 10.227.67.134
> Authorization: Basic cm9vdEB2c3BoZXJlLmxvY2FsOjZ5aEsyTm94T09TYjI=
> User-Agent: curl/7.61.1
> Accept: */*
[root@localhost ~]# curl -k -v -k --insecure --tlsv1.2 -u [email protected] https://IPHOST/sdk
Enter host password for user '[email protected]':
..................
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CONNECT phase completed!
* CONNECT phase completed!
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS alert, protocol version (582):
* error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
* Closing connection 0
curl: (35) error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
Enter host password for user '[email protected]':
..................
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CONNECT phase completed!
* CONNECT phase completed!
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.0 (IN), TLS handshake, Certificate (11):
* TLSv1.0 (IN), TLS handshake, Server finished (14):
* TLSv1.0 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.0 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.0 (OUT), TLS handshake, Finished (20):
* TLSv1.0 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.0 / AES256-SHA
* ALPN, server did not agree to a protocol
* Server certificate:
* subject: C=US; ST=California; L=Palo Alto; O=VMware, Inc; OU=VMware ESX Server Default Certificate; [email protected]; CN=localhost.localdomain; unstructuredName=1387372133,564d7761726520496e632e
* start date: Dec 18 13:08:54 2013 GMT
* expire date: Jun 18 13:08:54 2025 GMT
* issuer: O=VMware Installer
* SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Server auth using Basic with user '[email protected]'
> GET /sdk HTTP/1.1
> Host: 10.227.67.134
> Authorization: Basic cm9vdEB2c3BoZXJlLmxvY2FsOjZ5aEsyTm94T09TYjI=
> User-Agent: curl/7.61.1
> Accept: */*
[root@localhost ~]# curl -k -v -k --insecure --tlsv1.2 -u [email protected] https://IPHOST/sdk
Enter host password for user '[email protected]':
..................
* CONNECT phase completed!
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CONNECT phase completed!
* CONNECT phase completed!
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS alert, protocol version (582):
* error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
* Closing connection 0
curl: (35) error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
Thanks a lot.
Comment