On this page
- #3 PSK问题
PSK包含奇数个十六进制数字
Proxy或agent不启动,proxy或agent日志中的消息:
invalid PSK in file "/home/zabbix/zabbix_proxy.psk"长度超过128字节的PSK identity(共享密钥一致性)字符串传递给GnuTLS
在TLS客户端日志中
gnutls_handshake() failed: -110 The TLS connection was non-properly terminated.在TLS服务器端日志中。
gnutls_handshake() failed: -90 The SRP username supplied is illegal.超过32个字节的PSK传递到mbed TLS(PolarSSL)
在任何Zabbix日志中:
ssl_set_psk(): SSL - Bad input parameters to functionToo long PSK value used with OpenSSL 1.1.1
In connecting-side log:
...OpenSSL library (version OpenSSL 1.1.1 11 Sep 2018) initialized
...
...In zbx_tls_connect(): psk_identity:"PSK 1"
...zbx_psk_client_cb() requested PSK identity "PSK 1"
...End of zbx_tls_connect():FAIL error:'SSL_connect() set result code to SSL_ERROR_SSL: file ssl\statem\extensions_clnt.c line 801: error:14212044:SSL routines:tls_construct_ctos_early_data:internal error: TLS write fatal alert "internal error"'In accepting-side log:
...Message from 123.123.123.123 is missing header. Message ignored.This problem typically arises when upgrading OpenSSL from 1.0.x or 1.1.0 to 1.1.1 and if the PSK value is longer than 512-bit (64-byte PSK, entered as 128 hexadecimal digits).
See also: Value size limits