[BUG] HP ProLiant DL360 G7 | SSL connect attempt failed error:0A000152:SSL routines::unsafe legacy renegotiation disabled) #5142

Open
OverStyleFR opened this issue Aug 21, 2024 · 7 comments


@OverStyleFR

Quick description

My bug is that when I'm trying to use the HP ILO plugin (RestAPI or XMLAPI), the SSL is too old (TLS 1.0).

How to reproduce

  • Environment: result of Linux Centreon 6.8.4-2-pve #1 SMP PREEMPT_DYNAMIC PMX 6.8.4-2 (2024-04-10T17:36Z) x86_64 GNU/Linux | 12.6.
  • Version of the plugin: 20240808-1~bookworm
  • Information about the monitored resource: HP ProLiant DL360 G7
  • Command line:
/usr/lib/centreon/plugins//centreon_hp_ilo_restapi.pl --plugin=hardware::server::hp::ilo::restapi::plugin --mode=hardware --hostname='192.168.1.30' --api-username='username' --api-password='password'  --component='.*' --verbose

Expected result

A result of the variable/sensors of ILO

Actual result

UNKNOWN: Login error [code: '500'] [message: 'Can't connect to 192.168.1.30:443 (SSL connect attempt failed error:0A000152:SSL routines::unsafe legacy renegotiation disabled)']

@tomasfon

I resolved this same scenario by asking the AI. In my case, it works now, although it involves enabling an insecure protocol…

Edit the OpenSSL configuration file:
Open the file /etc/ssl/openssl.cnf with a text editor, for example:
sudo nano /etc/ssl/openssl.cnf

Add the configuration:
Add the following lines at the end of the file:
openssl_conf = openssl_init

[openssl_init]
ssl_conf = ssl_sect

[ssl_sect]
system_default = system_default_sect

[system_default_sect]
Options = UnsafeLegacyRenegotiation

Save and close the file.
Set the environment variable:
Ensure that the OPENSSL_CONF environment variable is set to point to your customized openssl.cnf file. You can do this by adding the following line to your environment configuration file (e.g., .bashrc or .profile):
export OPENSSL_CONF=/etc/ssl/openssl.cnf

Restart the services:
After making these changes, restart the relevant services to apply the changes. For example, for Apache:
sudo systemctl restart apache2
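
An added example, not part of the comment above or of the Centreon plugin code: a Python check that reads openssl.cnf text, follows the openssl_conf, ssl_conf, system_default chain used in the configuration above, and reports whether UnsafeLegacyRenegotiation is switched on in the system-wide defaults, where it applies to every OpenSSL client that loads this file and not only to the iLO check. The function names and the two sample strings are constructed for illustration.

```python
import re

# Options that re-enable renegotiation with peers lacking RFC 5746 support.
# UnsafeLegacyServerConnect is a related SSL_CONF_cmd(3) option, not from the thread.
UNSAFE = {"unsafelegacyrenegotiation", "unsafelegacyserverconnect"}

def parse_cnf(text):
    """Parse openssl.cnf-style text into {section: {key: value}}.
    Assumption of this sketch: repeated sections merge and the last value wins."""
    sections = {"default": {}}
    current = "default"
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        header = re.fullmatch(r"\[\s*([^\]]+?)\s*\]", line)
        if header:
            current = header.group(1)
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = line.split("=", 1)
            sections[current][key.strip()] = value.strip()
    return sections

def audit(text):
    """Follow openssl_conf -> ssl_conf -> system_default and return the unsafe
    Options found in the system-wide default section."""
    s = parse_cnf(text)
    init = s.get(s["default"].get("openssl_conf", ""), {})
    ssl = s.get(init.get("ssl_conf", ""), {})
    sysdef = s.get(ssl.get("system_default", ""), {})
    enabled = set()
    for tok in sysdef.get("Options", "").split(","):
        tok = tok.strip()
        if tok.startswith("-"):               # "-Name" switches an option off
            enabled.discard(tok[1:].lower())
        elif tok:
            enabled.add(tok.lstrip("+").lower())
    return sorted(enabled & UNSAFE)

# Constructed samples: the block from the comment above, and a variant without the option.
WEAK = """openssl_conf = openssl_init
[openssl_init]
ssl_conf = ssl_sect
[ssl_sect]
system_default = system_default_sect
[system_default_sect]
Options = UnsafeLegacyRenegotiation
"""
CLEAN = WEAK.replace("Options = UnsafeLegacyRenegotiation", "MinProtocol = TLSv1.2")

if __name__ == "__main__":
    print(audit(WEAK), audit(CLEAN))
```

To check a real host, pass the contents of the file that OPENSSL_CONF points to, for example `audit(open("/etc/ssl/openssl.cnf").read())`.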

@tomasfon

I also used this extra option:

--ssl-opt 'SSL_verify_mode => SSL_VERIFY_NONE, SSL_version => "TLSv1"' --ssl-opt='SSL_cipher_list => "DEFAULT:!DH"'

@OverStyleFR
Author

Doesn't work.

@OverStyleFR
Author

I don't have time to clarify, I will respond later.

@lucie-dubrunfaut
Contributor

Hello :)

Have you tried the --insecure option?

@OverStyleFR
Author

> Hello :)
>
> Have you tried the --insecure option?

Yes

@lucie-dubrunfaut
Contributor

Unfortunately, with the information we have, it's difficult to answer in this issue. The plugin's output seems to indicate that it is an SSL connection problem that is not directly caused by the plugin itself. Have you tried running the curl command by hand to check whether you also get a 500 return code?
If possible, can you give us some data that will enable us to resimulate the context of your issue?
