We use OpenSSL on a CentOS 6 server to monitor the certificate on servers for RDP.
To do this we use:
openssl s_client -connect SERVER01:3389 -prexit
This had worked flawlessly until 4 days ago, when it suddenly stopped showing that a cert is used and instead shows the following for a single server:
CONNECTED(00000003)
140439032170136:error:140790E5:SSL routines:ssl23_write:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1539710511
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 305 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1539710511
Timeout : 300 (sec)
Verify return code: 0 (ok)
---
I have seen that older versions of OpenSSL caused this error, but since the version hasn't changed (1.0.1e) and it was working, I cannot see what is wrong.
I've also tried resetting the server's RDP cert, but again no change.
0 Answers
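Added example, not part of the original question: a shell function that classifies the s_client output shown above, so a monitoring job can tell a handshake that returned no server data from one that presented a certificate. The failing output still prints "Verify return code: 0 (ok)", so that line alone cannot be the check; the result labels and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify `openssl s_client ... -prexit` output for a cert monitor.
# Result names (CERT_PRESENT, ...) are hypothetical labels chosen for this sketch.

classify_s_client() {
    out=$(cat)
    # -prexit prints the summary twice; take the first byte count.
    read_bytes=$(printf '%s\n' "$out" |
        sed -n 's/^SSL handshake has read \([0-9][0-9]*\) bytes.*/\1/p' | head -n 1)
    if printf '%s\n' "$out" | grep -q -- '-----BEGIN CERTIFICATE-----'; then
        echo CERT_PRESENT
    elif printf '%s\n' "$out" | grep -q '^no peer certificate available'; then
        if [ "$read_bytes" = "0" ]; then
            echo NO_SERVER_RESPONSE      # nothing came back after the ClientHello
        else
            echo HANDSHAKE_INCOMPLETE    # some handshake data, but no certificate
        fi
    else
        echo UNKNOWN
    fi
}

# Constructed sample: abbreviated from the failing output in the question.
sample_failed() {
    cat <<'EOF'
CONNECTED(00000003)
---
no peer certificate available
---
SSL handshake has read 0 bytes and written 305 bytes
---
Verify return code: 0 (ok)
---
EOF
}

# Constructed sample: shape of a successful run, certificate body elided.
sample_ok() {
    cat <<'EOF'
CONNECTED(00000003)
---
Server certificate
-----BEGIN CERTIFICATE-----
(constructed placeholder, not a real certificate)
-----END CERTIFICATE-----
---
SSL handshake has read 1234 bytes and written 305 bytes
EOF
}
# Live use: openssl s_client -connect SERVER01:3389 -prexit </dev/null 2>&1 | classify_s_client
```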