The Netprobe version may need upgrade to cope with evolving web technologies and standards. The Web-Mon plugin makes use of the CURL library (libcurl), which is bundled with the Netprobe installation. This article has collected common error codes that users may enounter.
This error may be returned from older Netprobe versions from GA3.0.x to GA3.2.x. Users are suggested to upgrade their Netprobe version as appropriate. This code is usually translated to "unknown protocol".
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
The error may appear if Web-Mon plugin is unable to connect the target website due to mismatch of protocol version or cipher. One other possiblity is that the target website actually returned a HTTP rather than HTTPS response.
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
The Web-Mon plugin is unable to negotiate with the target website using TLS protocol. It is possible that the website uses the deprecated SSL v2 or v3 protocols, which are no longer supported since Geneos version GA3.6.
error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
The above error may appear when the monitored website requires TLS version 1.2, but the Netprobe is older than version GA3.6.
error:14082174:SSL routines:ssl3_check_cert_and_algorithm:dh key too small
The target website is probably using certain weak ciphers. In particular, the OpenSSL library bundled with Geneos has been upgraded from version GA3.8.1 (NPX-903) to address various known vulnerabilities. As a result the Web-Mon plugin may refuse to connect some older websites.
Users may try the "openssl" command on Linux to connect the target website. The example below should provide more detailed messages for troubleshooting.
openssl s_client -connect [hostname:port]
Users may check out Wikipedia's article on Transport Layer Security for background of the TLS and the now-deprecated SSL protocols.