Package: monitoring-plugins
Version: 2.1.1

The problem is described at: https://www.rfc-editor.org/rfc/rfc7568.txt
According to RFC 7568, SSLv3 is no longer considered secure. This patch
disables SSLv3 if the system's OpenSSL is compiled without it. (Jessie)

Below is a transcript:


--- monitoring-plugins-2.1.1.orig/plugins/sslutils.c
+++ monitoring-plugins-2.1.1/plugins/sslutils.c
@@ -66,7 +66,12 @@ int np_net_ssl_init_with_hostname_versio
 #endif
                 break;
         case 3: /* SSLv3 protocol */
+#if defined(OPENSSL_NO_SSL3)
+                printf(("%s\n", _("CRITICAL - SSL protocol version 3 is
not supported by your SSL library.")));
+                return STATE_CRITICAL;
+#else
                 method = SSLv3_client_method();
+#endif
                 break;
         default: /* Unsupported */
                 printf("%s\n", _("CRITICAL - Unsupported SSL protocol
version."));
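Review bot: In the added `#if defined(OPENSSL_NO_SSL3)` branch under `case 3`, the printf call has an extra pair of parentheses, `printf(("%s\n", _("...")));`. The inner parentheses turn the arguments into a comma expression, so `"%s\n"` is discarded and the translated message itself is passed as the format string, with no trailing newline. Write it the same way as the `default:` case just below, `printf("%s\n", _("CRITICAL - SSL protocol version 3 is not supported by your SSL library."));`, so the format stays a literal. Separately, the string literals in both the added line and the `default:` context line are wrapped across two lines in this mail, so the hunk will not apply as posted; resend the patch as an unwrapped attachment.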



I am using Debian GNU/Linux 8 (Jessie), kernel 3.16.7-ckt25-1 and GLIBC
2.19-18+deb8u4.


Regards,

Anoop Seburuth
