��Ĳ�

Table of Contents

1 ��ҧݧ֧ާ� �� ڧ�� էܧݧ��֧ߧڧ� �ڧݧ� ��ѧӧѧާ�

1 ��ҧݧ֧ާ� �� ڧ�� էܧݧ��֧ߧڧ� �ڧݧ� ��ѧӧѧާ�

��֧�ӧ֧� �ߧѧ��֧� �ߧ� ��էܧݧ��֧ߧڧ� �� ڧ��ݧ�٧�ӧѧߧڧ֧� PSK �� ѧԧ֧ߧ��, �ߧ� �ѧԧ֧ߧ� ��ڧߧڧާѧ֧� ��ݧ�ܧ� �ߧ֧٧ѧ�ڧ��ӧѧߧߧ�� ֧էڧߧ֧ߧڧ�

�� ا��ߧѧݧ� ��֧�ӧ֧�� ڧݧ� ��ܧ�� (�� mbed TLS (PolarSSL) 1.3.11)

Get value from agent failed: ssl_handshake(): SSL - The connection indicated an EOF

�� ا��ߧѧݧ� ��֧�ӧ֧�� ڧݧ� ��ܧ�� (�� GnuTLS 3.3.16)

Get value from agent failed: zbx_tls_connect(): gnutls_handshake() failed: \
           -110 The TLS connection was non-properly terminated.

�� ا��ߧѧݧ� ��֧�ӧ֧�� ڧݧ� ��ܧ�� (�� OpenSSL 1.0.2c)

Get value from agent failed: TCP connection successful, cannot establish TLS to [[127.0.0.1]:10050]: \
           Connection closed by peer. Check allowed connection types and access rights

��էߧ� ��ߧ� ��էܧݧ��ѧ֧�� ڧ��ݧ�٧�ӧѧߧڧ֧� ��֧��ڧ�ڧܧѧ��, �ߧ� �է��ԧѧ� ��ߧ� ��ڧߧڧާѧ֧� ��ݧ�ܧ� PSK �� ߧѧ�ҧ��

�� ݧ�ҧ�� ا��ߧѧݧ� (�� mbed TLS (PolarSSL)):

failed to accept an incoming connection: from 127.0.0.1: ssl_handshake():\
           SSL - The server has no ciphersuites in common with the client

�� ݧ�ҧ�� ا��ߧѧݧ� (�� GnuTLS):

failed to accept an incoming connection: from 127.0.0.1: zbx_tls_accept(): gnutls_handshake() failed:\
           -21 Could not negotiate a supported cipher suite.

�� ݧ�ҧ�� ا��ߧѧݧ� (�� OpenSSL 1.0.2c):

failed to accept an incoming connection: from 127.0.0.1: TLS handshake returned error code 1:\
           file .\ssl\s3_srvr.c line 1411: error:1408A0C1:SSL routines:ssl3_get_client_hello:no shared cipher:\
           TLS write fatal alert "handshake failure"

Attempting to use ��Ĳ� sender compiled with TLS support to send data to ��Ĳ� server/proxy compiled without TLS

In connecting-side log:

Linux:

...In zbx_tls_init_child()
       ...OpenSSL library (version OpenSSL 1.1.1  11 Sep 2018) initialized
       ...
       ...In zbx_tls_connect(): psk_identity:"PSK test sender"
       ...End of zbx_tls_connect():FAIL error:'connection closed by peer'
       ...send value error: TCP successful, cannot establish TLS to [[localhost]:10051]: connection closed by peer

Windows:

...OpenSSL library (version OpenSSL 1.1.1a  20 Nov 2018) initialized
       ...
       ...In zbx_tls_connect(): psk_identity:"PSK test sender"
       ...zbx_psk_client_cb() requested PSK identity "PSK test sender"
       ...End of zbx_tls_connect():FAIL error:'SSL_connect() I/O error: [0x00000000] The operation completed successfully.'
       ...send value error: TCP successful, cannot establish TLS to [[192.168.1.2]:10051]: SSL_connect() I/O error: [0x00000000] The operation completed successfully.

In accepting-side log:

...failed to accept an incoming connection: from 127.0.0.1: support for TLS was not compiled in

One side connects with PSK but other side uses LibreSSL or has been compiled without encryption support

LibreSSL does not support PSK.

In connecting-side log:

...TCP successful, cannot establish TLS to [[192.168.1.2]:10050]: SSL_connect() I/O error: [0] Success

In accepting-side log:

...failed to accept an incoming connection: from 192.168.1.2: support for PSK was not compiled in

In ��Ĳ� frontend:

Get value from agent failed: TCP successful, cannot establish TLS to [[192.168.1.2]:10050]: SSL_connect() I/O error: [0] Success

One side connects with PSK but other side uses OpenSSL with PSK support disabled

In connecting-side log:

...TCP successful, cannot establish TLS to [[192.168.1.2]:10050]: SSL_connect() set result code to SSL_ERROR_SSL: file ../ssl/record/rec_layer_s3.c line 1536: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure: SSL alert number 40: TLS read fatal alert "handshake failure"

In accepting-side log:

...failed to accept an incoming connection: from 192.168.1.2: TLS handshake set result code to 1: file ssl/statem/statem_srvr.c line 1422: error:1417A0C1:SSL routines:tls_post_process_client_hello:no shared cipher: TLS write fatal alert "handshake failure"

�����Ĳ�

Documentation

1 �����ҧݧ֧ާ� �� ��ڧ��� ���էܧݧ��֧ߧڧ� �ڧݧ� ���ѧӧѧާ�

���էߧ� ������ߧ� ���էܧݧ��ѧ֧��� �� �ڧ���ݧ�٧�ӧѧߧڧ֧� ��֧��ڧ�ڧܧѧ��, �ߧ� �է��ԧѧ� ������ߧ� ���ڧߧڧާѧ֧� ���ݧ�ܧ� PSK �� �ߧѧ�ҧ����

Attempting to use �����Ĳ� sender compiled with TLS support to send data to �����Ĳ� server/proxy compiled without TLS

In connecting-side log:

In accepting-side log:

One side connects with PSK but other side uses LibreSSL or has been compiled without encryption support

One side connects with PSK but other side uses OpenSSL with PSK support disabled

��Ĳ�

1 ��ҧݧ֧ާ� �� ڧ�� էܧݧ��֧ߧڧ� �ڧݧ� ��ѧӧѧާ�

��էߧ� ��ߧ� ��էܧݧ��ѧ֧�� ڧ��ݧ�٧�ӧѧߧڧ֧� ��֧��ڧ�ڧܧѧ��, �ߧ� �է��ԧѧ� ��ߧ� ��ڧߧڧާѧ֧� ��ݧ�ܧ� PSK �� ߧѧ�ҧ��

Attempting to use ��Ĳ� sender compiled with TLS support to send data to ��Ĳ� server/proxy compiled without TLS