Skip to main content
Question

Centreon Monitoring Agent uses TLSv1.0 on Windows 10 VM with TLSv1.2 enabled and TLSv1.0 disabled

  • March 23, 2025
  • 1 reply
  • 9 views
U
Forum|alt.badge.img+5

I am attempting to monitor a Windows 10 host with CMA. The packet capture shows that the agent attempts to establish an encrypted connection using TLS 1.0 but is rejected during the handshake by the poller.

How can I change the protocol used by the CMA to TLS 1.2?

 

My config is as follows:

Host to be monitored :

  • OS: Windows 10
  • Agent version : 24.10.0
  • Configuration :
    • Poller endpoint : 192.168.122.64
    • Poller-initiated connection : NO
    • Encryption : YES
    • Trusted CA’s certificate file : ADDED
  • IP : 192.168.122.124
  • Enabled SSL protocols : TLSv1.2

Poller (Central used as poller) :

  • OS: Almalinux 9
  • Centreon version : 24.10.3
  • IP : 192.168.122.64
  • Enabled SSL protocols : TLSv1.1, TLSv1.2, TLSv1.3

 

Extract from CMA log file :

[2025-03-18 16:30:06.847] [centreon-monitoring-agent] [info] [main_win.cc:169] centreon-monitoring-agent start

[2025-03-18 16:30:06.848] [centreon-monitoring-agent] [debug] [grpc_client.cc:51] client this=0x829eea7080 activate compression deflate

[2025-03-18 16:30:06.848] [centreon-monitoring-agent] [info] [grpc_client.cc:67] encrypted connection to 192.168.122.64:4317 cert: ..., key: ..., ca: -----BEGIN...

[2025-03-18 16:30:06.877] [centreon-monitoring-agent] [info] [scheduler.cc:160] schedule 0 checks to execute in 1s

[2025-03-18 16:30:06.877] [centreon-monitoring-agent] [debug] [bireactor.cc:51] create client this=0x829ef37610 peer:192.168.122.64:4317

[2025-03-18 16:30:06.981] [centreon-monitoring-agent] [error] [bireactor.cc:99] 0x829ef37610 client peer:192.168.122.64:4317 fail read from stream

[2025-03-18 16:30:06.981] [centreon-monitoring-agent] [error] [bireactor.cc:146] 0x829ef37610 client peer 192.168.122.64:4317 fail write to stream

[2025-03-18 16:30:06.981] [centreon-monitoring-agent] [debug] [bireactor.cc:196] 0x829ef37610 client::shutdown

 

Failed handshake

 

TLS 1.2 configured on Windows 10 VM

 

Observation :

I understand it may be possible to install the necessary openssl stack on the Poller so TLSv1.0 is supported; however for the use-case at hand, TLSv1.0 is not a viable option. Thus the need to make TLSv1.2 work.

U
Forum|alt.badge.img+5
  • uneric1
  • Steward **
  • March 24, 2025

Additional info; I omitted one important bit of the CMA logs :

[2025-03-19 17:52:48.424] [centreon-monitoring-agent] [error] [bireactor.cc:187] 0x71e3b63a0 peer:192.168.122.64:4317 client::OnDone(failed to connect to all addresses; last error: UNKNOWN: ipv4:192.168.122.64:4317: Ssl handshake failed: SSL_ERROR_SSL: error:0A00010B:SSL routines::wrong version number) 
 

Reply


Terms & ConditionsCookie settings

Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings