Hodžův blog

21 Zář

Failed to establish secure connection: sslv3 alert handshake failure: 1040

Debian 10 (Buster) + latest NSClient++ on Windows 2019 server

root@nagios:/# /usr/lib/nagios/plugins/check_nrpe -H -c check_ad
CHECK_NRPE: (ssl_err != 5) Error - Could not complete SSL handshake with 1

2019-09-21 18:30:46: error:c:\source\master\include\socket/connection.hpp:273: Seems we other end is not using ssl: unknown protocol
2019-09-21 18:30:46: error:c:\source\master\include\socket/connection.hpp:274: Please review the ssl option as well as ssl options in settings.
2019-09-21 18:30:48: error:c:\source\master\include\socket/connection.hpp:276: Failed to establish secure connection: sslv3 alert handshake failure: 1040

Quick FIX:
1. Generate DH key on Linux machine (it takes a long time)
openssl dhparam -C 2048 2> /dev/null|sed -n '/BEGIN/,/END/p'


2. Paste your DH key to newly created file
C:\Program Files\NSClient++\security\nrpe_dh_2048.pem

3. Open command prompt in Windows (under user with admin privilegs) and run these commands:
cd "\Program Files\NSClient++"
nscp settings --path /settings/NRPE/server --key dh --set "${certificate-path}/nrpe_dh_2048.pem"

4. Restart NSClient++ service
net stop nscp && net start nscp

Test it:
root@nagios:/# /usr/lib/nagios/plugins/check_nrpe -H
I ( 2018-01-28) seem to be doing fine...

root@nagios:/# /usr/lib/nagios/plugins/check_nrpe -H -c ad_status
OK - services: OK. replications: OK. advertising: OK. fsmocheck: OK. ridmanager: OK. machineaccount: OK.

9 Responses to “Failed to establish secure connection: sslv3 alert handshake failure: 1040”

  1. 1
    Jakub Štajner Says:

    Wow, it works!
    I have tried about 10 workarounds and none of them works properly – this is a real life saver!!!

    Thank you 🙂

  2. 2
    Aleksander Says:

    Thank you!
    Could you share „ad_status“ nsclient script, please!

  3. 3
    Richard Durivage Says:

    Thank you so much for these troubleshooting steps! Truly a life saver! Worked 100% first shot!

  4. 4
    admin Says:


  5. 5
    Daniel Says:

    Very nice! What if I receive the same error between the Nagios Server and a Linux Client? I’m trying to monitor a linux client using nrpe, but I am receiving the same error CHECK_NRPE: (ssl_err != 5). I tried adding the nrpe_dh_2048.pem file to /etc/nagios/ on the linux client, and setting ssl_version=SSLv3, ssl_client_certs=2 and ssl_cert_file=/etc/nagios/nrpe_dh_2ß48.pem in nrpe.cfg. It won’t work. Any idea? Thank you!

  6. 6
    admin Says:

    Current versions of check_nrpe are incompatible with old nrpe linux servers. I replaced check_nrpe and now I can monitor successfully again. Better a bad encryption than no encryption at all…

    If you have Nagios 4 (Debian Buster) like me, you can use the following procedure:
    # apt install binutils tar wget
    # wget http://ftp.cz.debian.org/debian/pool/main/n/nagios-nrpe/nagios-nrpe-plugin_2.15-1_amd64.deb
    # ar x nagios-nrpe-plugin_2.15-1_amd64.deb
    # tar xvf data.tar.xz
    # cp ./usr/lib/nagios/plugins/check_nrpe /usr/lib/nagios/plugins/check_nrpe.jessie
    # /usr/lib/nagios/plugins/check_nrpe -H some.machine.local
    CHECK_NRPE: (ssl_err != 5) Error – Could not complete SSL handshake with xxx.xxx.xxx.xxx: 1
    # /usr/lib/nagios/plugins/check_nrpe.jessie -H some.machine.local
    NRPE v2.12

  7. 7
    Daniel Donath Says:

    Thank you very much! It worked perfectly.

  8. 8
    Claudio Says:

    Excellent write-up. I am surprised this info can neither be found on NRPE nor on NSClient documentation. Thanks for sharing!

  9. 9
    Prathamesh Says:

    The article was really helpful in helping me understand the issue. I recognize that not everyone would be able to or would like to use nrpe plugin 2.15, not to mention that it’s hard to find. The other solution presented is good and more practical than using v2.15. I had to create a PowerShell script to fix my issue. If this helps anyone visiting this page, I would appreciate them checking out my GitHub repo.


Leave a Reply

Hodžův blog is is proudly powered by Wordpress and the Magellan Theme