[Pkg-nagios-devel] Bug#914489: nagios-nrpe-plugin: SSL connections to "old" (as in Jessie) nagios-nrpe-server(s) broken
Alberto Gonzalez Iniesta
agi at inittab.org
Fri Nov 23 20:26:03 GMT 2018
Package: nagios-nrpe-plugin
Version: 3.2.1-1~bpo9+1
Severity: important
Hi,
After updating nagios-nrpe-plugin in my monitoring host to
3.2.1-1~bpo9+1 most of my monitored instances fail to be checked.
AFAICT only those running Stretch continue to work. The error from the
new nagios-nrpe-plugin is as follows:
Nov 23 21:08:29 XXXX check_nrpe: Error: (!log_opts) Could not complete SSL handshake with A.B.C.D: dh key too small
I tried disabling Anonymous Diffie Hellman with '-d 0' but in that case
it also fails to contact remote hosts with:
Nov 23 21:08:34 XXXX check_nrpe: Error: (!log_opts) Could not complete SSL handshake with A.B.C.D: sslv3 alert handshake failure
I could not find a combination of -d/-S/-2 that made possible to check
nagios-nrpe-server from Jessie or previous releases. This is a major
showstopper, since upgrading a monitoring host show not force someone to
update *all* their monitored hosts. And -2 is of no use if it cannot
check 2.x nagios-nrpe-servers.
Please fix this for Buster, or at least include a huge warning before
this hits those upgrading to Buster.
-- System Information:
Debian Release: 9.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-8-amd64 (SMP w/2 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages nagios-nrpe-plugin depends on:
ii libc6 2.24-11+deb9u3
ii libssl1.1 1.1.0f-3+deb9u2
nagios-nrpe-plugin recommends no packages.
nagios-nrpe-plugin suggests no packages.
-- no debconf information
More information about the Pkg-nagios-devel
mailing list