nsca-ng fails under TLS 1.3 / openssl 1.1.1: "Cannot retrieve client identity" error
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nsca-ng (Debian) |
Fix Released
|
Unknown
|
|||
nsca-ng (Ubuntu) |
Fix Committed
|
Undecided
|
Unassigned |
Bug Description
I have a nsca-ng setup on localhost, with the only customization being a 'checker' identity configured in /etc/nsca-
authorize "checker" {
password = "s2LDCy4CiK6yrl
hosts = ".*"
services = ".*"
}
and corresponding /etc/send_nsca.cfg:
server = localhost
identity = checker
password = "s2LDCy4CiK6yrl
When I send a test message:
/usr/share/
the client fails with:
send_nsca: [FATAL] Socket error (localhost (ID: UAM9O/A0)): Connection reset by peer
and the server (in syslog) report:
nsca-ng[28392]: Cannot retrieve client identity
I have an identical setup on an Ubuntu 18.04.1 server, where this works.
After taking TCP dumps on working and non-working servers (tcpdump -i lo 'port 5668' -w /tmp/send_
The failing code can be seen at https:/
Specifically, the OpenSSL SSL_get_
I know zilch about TLS handshakes, but I noticed a comment in Zabbix's TLS library (https:/
5555 /* SSL_get_
5556 /* but returns NULL with TLS 1.3 in OpenSSL 1.1.1 */
I'm running Ubuntu 18.10, nsca-ng 1.5-3 (also tried 1.5-2build2) and openssl 1.1.1-1ubuntu2.1. The working server is Ubuntu 18.04.1, nsca-ng 1.5-2build2 and openssl 1.1.0g-2ubuntu4.3.
ProblemType: Bug
DistroRelease: Ubuntu 18.10
Package: nsca-ng-server 1.5-2build2
ProcVersionSign
Uname: Linux 4.18.0-13-generic x86_64
NonfreeKernelMo
ApportVersion: 2.20.10-0ubuntu13.1
Architecture: amd64
CurrentDesktop: MATE
Date: Mon Feb 11 14:02:33 2019
InstallationDate: Installed on 2018-11-28 (74 days ago)
InstallationMedia: Ubuntu-MATE 18.10 "Cosmic Cuttlefish" - Release amd64 (20181017.2)
SourcePackage: nsca-ng
UpgradeStatus: No upgrade log present (probably fresh install)
modified.
mtime.conffile.
Changed in nsca-ng (Debian): | |
status: | Unknown → Fix Released |
tags: | removed: cosmic |
This should be fixed in 1.6.