Hi all,
I have upgraded recently PRTG to version 23.2.83. Since this upgrade, all my SSL Check sensors for ONLY my HPe systems are down. Error is: Failed to shutdown the TLS connection.error:140E0197:SSL routines:SSL_shutdown:shutdown while in init
It was working before the upgrade, and nothing changed (no firewall changes, etc.). The other HTTPS checks are working well.
I also checked the web GUI themselves: all are working well, and certificate is approved.
Can you help me for that ?
Thanks in advance !
Article Comments
Hello,
The embedded Web Server on HPE devices seems to deliver an unspecified response when queried for an unknown Cipher request, as we introduced TLS 1.3 support in the last release this is caused by an attempt in our sensors to use TLS 1.3 with the HPE Web Server.
We updated the affected sensors to treat the message that the Web Server is returning as a not supported message and falling back to TLS 1.2. This updated Sensors ships in Version 23.2.84.1566 which has been released today.
Kind regards,
Johannes Beyerlein, Technical Support Team
May, 2023 - Permalink
Hi, Yes, I can confirm that after updating PRTG to version 23.2.84.1566, the sensors are now working well (for the SSL Security Check) :-)
Just, for now, some Aruba switches are in warning, showing "Weak protocols available" (sometimes showing SSL3 enabled, sometimes TLS1.0, sometimes both). But I have verified my configurations and switches are correct, with the config "tls application web-ssl lowest-version tls1.2"
Strange is that this only appear on some switch, not all, and all have the same configuration. I will continue to compare and investigate, but if you have any idea ;-)
Kind regards
May, 2023 - Permalink
Hello ZeDidi,
If you are still experiencing issues with this sensor please reach out to us via support ticket so we can evaluate if this is some additional bug.
Kind regards, Johannes Beyerlein, Technical Support Team
May, 2023 - Permalink
Hi, Yes, I'm still seeing that SSL Security Check is flapping between "warning" and "green status", due to protocols version sometimes seen as unsecured (TLS1.0-1.1), sometimles only TLS1.2 is accessible.
All switches have the same configuration, and I already tried to remove-reenter the configuration of TLS version: same issue.
I think that the switch is well configured, but PRTG sensor is not always able to get correct data. What I also see in the switch event log: Line 1 = SSL/TLS session started for WEB-UI from <IP-of-PRTG> Line 2 (same second) = User: TLS connection failed for WEB-UI from <IP-of-PRTG> due to cipher mismatch Line 3 (same second) = User: TLS connection failed for WEB-UI from <IP-of-PRTG> (X times in 60 seconds)
Should I add a specific Ciphers ? Or remove some others ?
Best regards.
May, 2023 - Permalink
Hello,
The recommendation is to update to the latest version 23.2.84.1566 where multiple SSL issues were fixed. If issue persists on this version, please contact us via a support ticket for further investigation.
Jun, 2023 - Permalink
Hi, i have the same error. After updating to version 23.2.83.1760, the sensor is faulty.
May, 2023 - Permalink