What are the common error codes when monitoring HTTPS websites with Web-Mon plugin?

Common Errors

error:140770FC:SSL routines:func(119):reason(252)

This error may be returned from older Netprobe versions from GA3.0.x to GA3.2.x. Users are suggested to upgrade their Netprobe version as appropriate. This code is usually translated to "unknown protocol".

error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

The error may appear if Web-Mon plugin is unable to connect the target website due to mismatch of protocol version or cipher. One other possiblity is that the target website actually returned a HTTP rather than HTTPS response.

error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure

The Web-Mon plugin is unable to negotiate with the target website using TLS protocol. It is possible that the website uses the deprecated SSL v2 or v3 protocols, which are no longer supported since Geneos version GA3.6.

error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

The above error may appear when the monitored website requires TLS version 1.2, but the Netprobe is older than version GA3.6.

error:14082174:SSL routines:ssl3_check_cert_and_algorithm:dh key too small

The target website is probably using certain weak ciphers. In particular, the OpenSSL library bundled with Geneos has been upgraded from version GA3.8.1 (NPX-903) to address various known vulnerabilities. As a result the Web-Mon plugin may refuse to connect some older websites.

Diagnosis

Users may try the "openssl" command on Linux to connect the target website. The example below should provide more detailed messages for troubleshooting.

openssl s_client -connect [hostname:port]

Further Reading

Users may check out Wikipedia's article on Transport Layer Security for background of the TLS and the now-deprecated SSL protocols.