OCSInventory-NG / UnixAgent

This is the OCS unified agent for Unix operating systems
http://www.ocsinventory-ng.org/en/
GNU General Public License v2.0
90 stars 85 forks source link

Agent on macOS uses SSLv3 #314

Open multiflexi opened 4 years ago

multiflexi commented 4 years ago

General informations

Operating system : macOS Mojave 10.14.6 Perl version : v5.18.4

OCS Inventory informations

Unix agent version : 2.6.0

Problem's description

Agent cannot connect to the server because (according to log) tries to use SSLv3. Server supports only TLS 1.2 and 1.3. Agent on Mac with Catalina works without issues.

cat /var/log/ocsng.log
[Sun Oct 11 19:11:43 2020][error] Cannot establish communication : 500 Can't connect to ocsi.vse.cz:443 (LWP::Protocol::https::Socket: SSL connect attempt failed because of handshake problems error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure)
daniejstriata commented 4 years ago

I've seen this in the past and was not able to fix. Following.

gillesdubois commented 4 years ago

Hi,

2.8 of the mac agent is coming soon. We will address the problem during this release.

Regards, Gilles.

multiflexi commented 3 years ago

Hi, I just installed agent version 2.8.0 and the behaviour is exactly the same.

multiflexi commented 3 years ago

Am I the only one with this issue or is it well known?

fbomj commented 3 years ago

which version of openssl and Net::SSLeay ?

multiflexi commented 3 years ago

LibreSSL 2.6.5 and Net::SSLeay 1.72.

fbomj commented 3 years ago

Upgrade to latest version of LibreSSL and Net::SSLeay (1.88)

daniejstriata commented 3 years ago

Do you mean to update those libraries for the OS or to compile OCS using these?

fbomj commented 3 years ago

Update librairies for OS.