What are the common error codes when monitoring HTTPS websites with Web-Mon plugin?
The Netprobe version may need an upgrade to cope with evolving web technologies and standards. The Web-Mon plugin makes use of the CURL library (libcurl), which is bundled with the Netprobe installation. This article collects common error codes that users may encounter.
Common errors
- `error:140770FC:SSL routines:func(119):reason(252)` — this may be returned by older Netprobe versions from GA3.0.x to GA3.2.x. It is suggested that users upgrade their Netprobe version as appropriate. This code is usually translated as “unknown protocol”.
- `error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol` — this may appear if the Web-Mon plugin is unable to connect to the target website due to a mismatch of protocol version or cipher. One other possibility is that the target website actually returned an HTTP rather than an HTTPS response.
- `error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure` — the Web-Mon plugin is unable to negotiate with the target website using the TLS protocol. It is possible that the website uses the deprecated SSL v2 or v3 protocols, which have not been supported since Geneos version GA3.6.
- `error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version` — this may appear when the monitored website requires TLS version 1.2 but the Netprobe is older than version GA3.6.
- `error:14082174:SSL routines:ssl3_check_cert_and_algorithm:dh key too small` — the target website is probably using certain weak ciphers. In particular, the OpenSSL library bundled with Geneos has been upgraded from version GA3.8.1 (NPX-903) onwards to address various known vulnerabilities. As a result, the Web-Mon plugin may refuse to connect to some older websites.
- `error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate` — the target website may be expecting to receive a client certificate for authentication. Please check with the administrator responsible for the remote website. If that is the case, you can review the Support article "How do I use client certificate to connect websites in the Web-Mon plugin?"
- `schannel: next InitializeSecurityContext failed: SEC_E_ILLEGAL_MESSAGE (0x80090326)` — this likely occurs when a Windows Netprobe tries to connect to newer SSL websites. Please make sure the Netprobe version is GA5.6 (COL-8265) or above.
Diagnosis
Users may try the openssl command on Linux to connect to the target website. The example below should provide more detailed messages for troubleshooting.
openssl s_client -connect *[hostname:port]*
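An added example (not from the original article or from Geneos): a shell helper that repeats the `openssl s_client` check above for each TLS version and condenses the output into the facts relevant to the errors listed earlier (negotiated protocol, DH key size, client certificate request). The function names, the `MIN_DH_BITS` default of 2048 and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: condense `openssl s_client` output for Web-Mon TLS troubleshooting.
# MIN_DH_BITS (default 2048) is an assumed threshold, not a value from the article.

# Read s_client output on stdin; print one finding per line.
summarize_handshake() {
    awk -v min="${MIN_DH_BITS:-2048}" '
        /^ *Protocol *:/        { sub(/^[^:]*: */, ""); proto = $0 }
        /^ *Cipher *:/          { sub(/^[^:]*: */, ""); cipher = $0 }
        /^Server Temp Key: DH,/ { dh = $5 + 0 }       # e.g. "DH, 1024 bits"
        /^Acceptable client certificate CA names/ { cc = 1 }
        /Verify return code:/   { sub(/.*Verify return code: */, ""); verify = $0 }
        END {
            # A failed handshake typically leaves the session cipher empty or 0000.
            ok = (cipher != "" && cipher != "0000")
            print "handshake=" (ok ? "ok" : "failed")
            if (ok) { print "protocol=" proto; print "cipher=" cipher }
            weak = (dh < min) ? " (weak)" : ""
            if (dh) print "dh_bits=" dh weak
            print "client_cert=" (cc ? "requested" : "not-requested")
            if (verify != "") print "verify=" verify
        }'
}

# Try each protocol version against host $1, port $2 (SNI set to the host name).
# Versions the local openssl build does not offer simply report handshake=failed.
probe() {
    for v in tls1 tls1_1 tls1_2 tls1_3; do
        echo "== -$v"
        openssl s_client -connect "$1:$2" -servername "$1" "-$v" </dev/null 2>&1 |
            summarize_handshake
    done
}

# Constructed sample of s_client output (not captured from a real server).
sample_output() { cat <<'EOF'
CONNECTED(00000003)
---
Acceptable client certificate CA names
/C=XX/O=Example/CN=Example Client CA
Server Temp Key: DH, 1024 bits
---
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES256-GCM-SHA384
    Verify return code: 0 (ok)
EOF
}

# With "host port" arguments probe the server; otherwise summarise the sample.
if [ "$#" -eq 2 ]; then probe "$1" "$2"; else sample_output | summarize_handshake; fi
```

A `dh_bits` line marked weak corresponds to the "dh key too small" case, and `client_cert=requested` to the "bad certificate" case described above.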
For more information, see Transport Layer Security on Wikipedia for background on TLS and the now-deprecated SSL protocols.