HTTP error: Receiving data -- Resource temporarily unavailable for TLS connection

Issue #794 new
Imran Ahmed created an issue

failed protocol test [HTTP] at [myserver.com]:4048/containers/mycontainer/json [TCP/IP TLS] -- HTTP error: Receiving data -- Resource temporarily unavailable

Hi, I've spent a couple of days trying to figure this out but no luck yet with the above error when connecting to a remote Docker Engine API. The certificate and connection work with a curl command right from the same machine monit is running on, but not from monit itself. It works without TLS enabled, but I def need it to work on TLS.

Also, on the host server I get this when it tries to connect: http: TLS handshake error from xx.xx.xx.xx:45870: tls: first record does not look like a TLS handshake

Here is what my rule config looks like:

if failed 
  port 4048
  protocol https
  request /containers/mycontainer/json
  with tls options {
   verify: enable
   selfsigned: ALLOW
   pemfile: /monit/monit-5.25.2/certs/svcnode02/key.pem
   clientpemfile: /monit/monit-5.25.2/certs/svcnode02/cert.pem
   cacertificatefile: /monit/monit-5.25.2/certs/svcnode02/ca.pem
  }
  and content = "running"
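
As an added illustration (not part of the original issue, and not Monit or Docker code), the sketch below classifies the first bytes a client sends to a TLS port, which is what the server-side message `tls: first record does not look like a TLS handshake` refers to. The function names, labels and sample byte strings are constructed for this example.

```python
import struct

# HTTP request methods that would appear if a client spoke plaintext to a TLS port
HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ", b"PATCH ")
MAX_PLAINTEXT_RECORD = 2 ** 14  # upper bound on a TLS plaintext record body

# Constructed sample inputs (first bytes as they might appear in a capture)
SAMPLES = {
    "client_hello": bytes.fromhex("16030100c8" "010000c4" "0303"),
    "plain_http": b"GET /containers/mycontainer/json HTTP/1.1\r\nHost: myserver.com:4048\r\n\r\n",
    "sslv2_hello": bytes.fromhex("802e0100020015"),
    "alert": bytes.fromhex("15030300020228"),
    "ssh_banner": b"SSH-2.0-OpenSSH_7.2\r\n",
}


def classify_first_record(data: bytes) -> str:
    """Classify the first bytes received on a listener that expects TLS."""
    if len(data) < 5:
        return "too-short"  # a TLS record header is 5 bytes
    if data.startswith(HTTP_METHODS):
        return "plaintext-http"  # client is not speaking TLS at all
    # SSLv2-style hello: 2-byte length with the high bit set, then message type 1
    if data[0] & 0x80 and data[2] == 0x01:
        return "sslv2-client-hello"
    # TLS record header: content type, version major/minor, body length
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if major != 3 or minor > 4 or length > MAX_PLAINTEXT_RECORD:
        return "not-tls"
    if ctype == 22:  # handshake record; the next byte is the handshake message type
        if len(data) > 5 and data[5] == 1:
            return "tls-client-hello"
        return "tls-handshake-other"
    if ctype == 21:
        return "tls-alert"
    return "not-tls"


def looks_like_tls_handshake(data: bytes) -> bool:
    """True only when the first record is a TLS handshake record."""
    return classify_first_record(data).startswith("tls-") and data[0] == 22


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:13s} -> {classify_first_record(raw)}")
```

Running a check like this over the first bytes seen in a packet capture on the Docker host shows whether the client opened the connection with a ClientHello or with something else, such as a plaintext HTTP request.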

Comments (11)

  1. Tildeslash repo owner

    Hello, it seems the connection timed out during the TLS handshake.

    You're using the client certificate ... does the server support client certificate authentication?

    Please can you test the following configuration?:

    if failed 
      port 4048
      protocol https
      request /containers/mycontainer/json
      and content = "running"
      then alert
    
  2. Imran Ahmed reporter

    That'd have failed for sure, as it just did with the following error. Yes, I want client auth with the certificate, and it works when tested with curl, like I said, passing those certs and key. Without that cert the server would reject anyway. There is not a complete example anywhere I could find passing all TLS settings with file paths in the local connection option. This is not in the monitrc file btw, it is in one of the custom configuration files. I didn't change anything in the monitrc file; not sure if I have to?

    SSL: write error -- error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure
    Socket test failed for [xx,xx.xx.xx]:4048 -- HTTP: error sending data -- Success
    'contest-mycontainer' failed protocol test [HTTP] at [xx.xx.xx.xx]:4048/containers/mycontainer/json [TCP/IP TLS] -- HTTP: error sending data -- Success
    Sending Connection failed notification to admin@dittrex.com

  3. Imran Ahmed reporter

    One other thing I also tried: putting a wrong path to the cert files. It still fails with the same error. It seems to me monit doesn't care about the cert files; I would expect it to give some error like file not found or something. I also tried with verify: disable but no luck.

    pemfile: /monit/monit-5.25.2/certs/svcnode02/key_wrong.pem
    clientpemfile: /monit/monit-5.25.2/certs/svcnode02/cert_wrong.pem

  4. Tildeslash repo owner

    Please can you provide a testing/sandbox access and testing client certificate so we can try to reproduce?

  5. Imran Ahmed reporter

    That'd be a security issue. Also, I don't have the opportunity to simulate a full sandbox for it ATM. All I need is a working example of a monit rule that uses a client cert to make a connection.

  6. Tildeslash repo owner

    I'll try to reproduce the problem. Please can you provide more details about the setup so I can get as close to your configuration as possible?:

    1.) which webserver is it?

    2.) which SSL library does it use?

    3.) please provide a snippet of your webserver configuration for client certificate authentication (you can obfuscate data which you don't want to show)

    4.) do you use self-signed certificates? (based on the monit config option you used)

  7. Imran Ahmed reporter

    It's the Docker Engine API. Both client and server are running on the same Ubuntu 16.04. I don't know what SSL lib it uses, because it's not failing because of a library issue; it looks like monit totally ignores all TLS-related params. I can't share my server URL here, it's very secure stuff. That's one of the reasons I'm trying to make it TLS secure so only a client with the right self-signed certificate can connect, because like I mentioned earlier monit connects without TLS. I think it's also not appropriate to share my server URL info on a public forum like this. All I need is a working example of a TLS-verified monit connection with a certificate, not just simple SSL.
