[Nagiosplug-devel] [ nagiosplug-Patches-3285367 ] Support SSL Protocol version argument

SourceForge.net noreply at sourceforge.net
Mon May 28 16:50:43 CEST 2012

Patches item #3285367, was opened at 2011-04-12 08:47
Message generated for change (Settings changed) made by hweiss
You can respond by visiting: 

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: Enhancement
Group: release-1.4.15
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Jason A. Lunn (omnipotus)
>Assigned to: Holger Weiss (hweiss)
Summary: Support SSL Protocol version argument

Initial Comment:
Bug 3066166 has a suggested solution to try to fallback to TLSv1 only when SSL protocol negotiation fails. This patch takes an alternative approach that is more general purpose, adding support for an optional value to the -S/--ssl argument of check_http and using that to chose the SSL Protocol version in sslutils.c. This will facilitate testing of HTTPS services that fail to properly auto-negotiate the protocol version but work with an explicit version is set.


Comment By: Holger Weiss (hweiss)
Date: 2012-05-07 03:42

As we're stumbling over negotiation glitches in various SSL server
implementations every now and then, I think it would be nice to be able to
specify the desired SSL protocol version.  The patch looks fine to me.  If
nobody objects, I'll commit it before the next release.


Comment By: Thomas Guyot-Sionnest (dermoth)
Date: 2011-05-02 17:03

[This is a copy of my reply to your email, as it bounced]

I've looked at it but didn't take the time to look further or reply...
According to the openssl documentation the function SSLv23_client_method
should already try TLSv1.  I'd like to better understand why using
specifically TLSv1_client_method would make a difference, and most
importantely whenever it's an openssl bug or not (i.e. did you try
against the latest openssl version?)

A reproducible testcase would be great, or at least an external server I
could test against.



You can respond by visiting: 

More information about the Devel mailing list