The Netprobe version may need an upgrade to cope with evolving web technologies and standards. The Web-Mon plugin makes use of the CURL library (libcurl), which is bundled with the Netprobe installation. This article has collected common error codes that users may encounter.
This error may be returned from older Netprobe versions from GA3.0.x to GA3.2.x. It is suggested that users upgrade their Netprobe version as appropriate. This code is usually translated as "unknown protocol".
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
The error may appear if Web-Mon plugin is unable to connect to the target website due to mismatch of protocol version or cipher. One other possibility is that the target website actually returned an HTTP rather than HTTPS response.
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
The Web-Mon plugin is unable to negotiate with the target website using the TLS protocol. It is possible that the website uses the deprecated SSL v2 or v3 protocols, which are no longer supported since Geneos version GA3.6.
error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
The above error may appear when the monitored website requires TLS version 1.2 but the Netprobe is older than version GA3.6.
error:14082174:SSL routines:ssl3_check_cert_and_algorithm:dh key too small
The target website is probably using certain weak ciphers. In particular, the OpenSSL library bundled with Geneos has been upgraded from version GA3.8.1 (NPX-903) to address various known vulnerabilities. As a result, the Web-Mon plugin may refuse to connect to some older websites.
error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
The target website may be expecting to receive a client certificate for authentication. Please check with the administrator responsible for the remote website. If that is the case, you can review the article: How do I use client certificate to connect websites in the Web-Mon plugin?
schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326)
This error likely occurs on Windows Netprobe trying to connect newer SSL web sites. Please make sure the Netprobe version is GA5.6 (COL-8265) or above.
Users may try the "openssl" command on Linux to connect to the target website. The example below should provide more detailed messages for troubleshooting.
openssl s_client -connect [hostname:port]
Users may check out Wikipedia's article on Transport Layer Security for background of the TLS and the now-deprecated SSL protocols.
Please sign in to leave a comment.