We have been using SSL Certificate Sensor for number of websites/domains and it was working fine for years until I moved some of them to Cloudflare for DNS (SSL/TLS encryption mode is Full (strict)).
I'm getting this error message now (PRTG version 22.1.75.1594 ):
Failed to establish secure connection
[Step 0] Error connecting with SSL. Error connecting with SSL. error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
[Step 1] Error connecting with SSL. Error connecting with SSL. error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol
[Step 2] Error connecting with SSL. Error connecting with SSL. error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
[Step 3] Error connecting with SSL. Error connecting with SSL. error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
[Step 4] Error connecting with SSL. Error connecting with SSL. error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number
[Step 5] Error connecting with SSL. Error connecting with SSL. error:14077102:SSL routines:SSL23_GET_SERVER_HELLO:unsupported protocol
Is there something I can do to get this sensor working again?
Article Comments
Was this fixed yet? I am experiencing the same issue and am running 22.1.75.1594+. Thanks!
Jun, 2022 - Permalink
Hello,
Thank you for your message.
The development team is working under the hood to update the library used for our sensors to be able to handle TLS 1.3 (among other benefits). However, I'm afraid that it has to be done in multiple parts and therefore it will take some time before TLS 1.3 is supported.
Regards.
Jun, 2022 - Permalink
Hi Florian,
Why does it work without issue in version 21.4.72.1649, but fail in 22.2.77? We just had to roll back an upgrade because of this.
Regards,
Jul, 2022 - Permalink
Hi Andrew,
Thank you for your message.
We have received a few support cases regarding this issue however the actual origin of the problem might be different than the limited supported version(s) of TLS. In these cases, the problem was due to a wrong SNI (Server Name Indication).
Therefore, when this happens I recommend to provide the SNI within the sensor Settings tab accordingly. Here is the sensor manual if needed: https://www.paessler.com/manuals/prtg/ssl_certificate_sensor. When configured, the sensor should start working properly again.
Regards.
Jul, 2022 - Permalink
Hello Marcin,
According to the error returned by the sensor, only TLS 1.3 connections are allowed however the sensor doesn't support it yet (hence the error "unsupported protocol"). Our development team are improving many sensors in the background however I can't tell you when TLS 1.3 will be supported. Nevertheless, this is planned to do so.
Regards.
Apr, 2022 - Permalink