We recently upgraded our Zabbix server from OpenBSD to Debian 10 to allow the usage of Zabbix 5.0 LTS.
We later discovered that log checks, using Active Agent checks, are broken on our Ubuntu 16.04 LTS servers. From the agent side we see an error such as the following:
Non-active checks work fine with encryption. Changing from Certificate encryption to PSK did nothing.
I can think of options such as turning off encryption and running these agents over an SSH tunnel. There are some security concerns with these options, and we would like to get the agent encryption working.
Ubuntu Zabbix Agents are the latest 4.4 version
Openssl version on Ubuntu clients with agents: OpenSSL 1.0.2g 1 Mar 2016
Openssl version on Debian 10 with Server: OpenSSL 1.1.1d 10 Sep 2019
I know Zabbix improved the configuration of its TLS options, and deprecated gnutls. I will explore these as causes.
We later discovered that log checks, using Active Agent checks, are broken on our Ubuntu 16.04 LTS servers. From the agent side we see an error such as the following:
active check configuration update from [ip address:10051] started to fail (SSL_read() timed out)
I can think of options such as turning off encryption and running these agents over an SSH tunnel. There are some security concerns with these options, and we would like to get the agent encryption working.
Ubuntu Zabbix Agents are the latest 4.4 version
Openssl version on Ubuntu clients with agents: OpenSSL 1.0.2g 1 Mar 2016
Openssl version on Debian 10 with Server: OpenSSL 1.1.1d 10 Sep 2019
I know Zabbix improved the configuration of its TLS options, and deprecated gnutls. I will explore these as causes.