Comments (5)
Is it possible, that the OpenSSL python module (https://packages.ubuntu.com/focal/python3-openssl) removed support for EOL TLS protocols such as TLS 1.0 ?
Additional info for research:
https://stackoverflow.com/questions/59408646/ssl-sslerror-ssl-unsupported-protocol-unsupported-protocol-ssl-c852-in-d
https://stackoverflow.com/questions/53058362/openssl-v1-1-1-ssl-choose-client-version-unsupported-protocol/53065682#53065682
from check_esxi_hardware.
Looking at https://www.openssl.org/docs/man1.1.0/man3/SSL_CONF_cmd.html, it might actually be a bug in check_esxi_hardware. According to that documentation, the correct protocol versions are:
Currently supported protocol values are SSLv3, TLSv1, TLSv1.1, TLSv1.2, DTLSv1 and DTLSv1.2.
@AndyBCN can you try it with https://raw.githubusercontent.com/Napsty/check_esxi_hardware/issue-51/check_esxi_hardware.py and the parameter --sslproto=TLSv1
?
from check_esxi_hardware.
With the most recent script and TLSv1 I get the following output:
20210118 12:51:22 Using non-default SSL protocol: TLSv1
20210118 12:51:22 Creating OpenSSL config file: /tmp/192.168.1.17_openssl.conf
20210118 12:51:22 LCD Status: True
20210118 12:51:22 Chassis Intrusion Status: True
20210118 12:51:22 Connection to https://192.168.1.17
20210118 12:51:22 Found pywbem version 1.1.2
20210118 12:51:22 Check classe OMC_SMASHFirmwareIdentity
Traceback (most recent call last):
File "./check_esxi_hardware.py", line 776, in <module>
except pywbem.cim_operations.CIMError as args:
AttributeError: 'module' object has no attribute 'cim_operations'
from check_esxi_hardware.
I was able to reproduce this with an ESXi 5.0. However I am currently stumped with work and don't have time to investigate. I will pick up as soon as I have time again.
In the meantime I suggest to try with an older version of the plugin and/or an older version of pywbem.
from check_esxi_hardware.
Interesting, I cannot reproduce this anymore. Using a virtual ESXi 5.0.0.
Using curl
to verify that the CIM server only responds with TLSv1:
$ curl --tlsv1 https://192.168.15.112:5989 -k -I
HTTP/1.1 501 Not Implemented
Server: sfcHttpd
Content-Length: 0
$ curl --tlsv1.1 https://192.168.15.112:5989 -k -I
curl: (35) error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
$ curl --tlsv1.2 https://192.168.15.112:5989 -k -I
curl: (35) error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol
And then use check_esxi_hardware.py
with -S TLSv1
:
$ python3 ./check_esxi_hardware.py -H 192.168.15.112 -U root -P Secret123. -S TLSv1 -v
/usr/lib/python3/dist-packages/requests/__init__.py:89: RequestsDependencyWarning: urllib3 (1.26.4) or chardet (3.0.4) doesn't match a supported version!
warnings.warn("urllib3 ({}) or chardet ({}) doesn't match a supported "
20210602 11:39:58 Using non-default SSL protocol: TLSv1
20210602 11:39:58 Creating OpenSSL config file: /tmp/192.168.15.112_openssl.conf
20210602 11:39:58 LCD Status: True
20210602 11:39:58 Chassis Intrusion Status: True
20210602 11:39:58 Connection to https://192.168.15.112
20210602 11:39:58 Found pywbem version 1.2.0
20210602 11:39:58 Check classe OMC_SMASHFirmwareIdentity
20210602 11:39:59 Element Name = System BIOS
20210602 11:39:59 VersionString = 6.00
20210602 11:39:59 Check classe CIM_Chassis
20210602 11:39:59 Element Name = Chassis
20210602 11:39:59 Manufacturer = No Enclosure
20210602 11:39:59 SerialNumber = VMware-56 4d b8 66 f3 c9 b8 a8-ab cb f3 76 3d d3 e4 82
20210602 11:39:59 Model = VMware Virtual Platform
20210602 11:39:59 Element Op Status = 0
20210602 11:39:59 Check classe CIM_Card
20210602 11:39:59 Element Name = Other
20210602 11:39:59 Element Op Status = 0
20210602 11:39:59 Check classe CIM_ComputerSystem
20210602 11:39:59 Element Name = localhost
20210602 11:39:59 Check classe CIM_NumericSensor
20210602 11:39:59 Check classe CIM_Memory
20210602 11:39:59 Element Name = CPU #000 Level-1 Cache
20210602 11:39:59 Element Op Status = 0
20210602 11:39:59 Element Name = CPU #000 Level-2 Cache
20210602 11:39:59 Element Op Status = 0
20210602 11:39:59 Element Name = CPU #001 Level-1 Cache
20210602 11:39:59 Element Op Status = 0
20210602 11:39:59 Element Name = CPU #001 Level-2 Cache
20210602 11:39:59 Element Op Status = 0
20210602 11:39:59 Element Name = Memory
20210602 11:39:59 Check classe CIM_Processor
20210602 11:39:59 Element Name = CPU #000
20210602 11:39:59 Family = 2
20210602 11:39:59 CurrentClockSpeed = 3600MHz
20210602 11:39:59 Element Op Status = 2
20210602 11:39:59 Element Name = CPU #001
20210602 11:39:59 Family = 2
20210602 11:39:59 CurrentClockSpeed = 3600MHz
20210602 11:39:59 Element Op Status = 2
20210602 11:39:59 Check classe CIM_RecordLog
20210602 11:40:00 Check classe OMC_DiscreteSensor
20210602 11:40:00 Check classe OMC_Fan
20210602 11:40:00 Check classe OMC_PowerSupply
20210602 11:40:00 Check classe VMware_StorageExtent
20210602 11:40:00 Check classe VMware_Controller
20210602 11:40:00 Check classe VMware_StorageVolume
20210602 11:40:00 Check classe VMware_Battery
20210602 11:40:01 Check classe VMware_SASSATAPort
OK - Server: No Enclosure VMware Virtual Platform s/n: VMware-56 4d b8 66 f3 c9 b8 a8-ab cb f3 76 3d d3 e4 82 System BIOS: 6.00 2020-07-22
Specs:
- check_esxi_hardware.py from branch issue-51
- Python 3.8.5
- pywbem 1.2.0
- openssl 1.1.1f
Maybe the upgrade to pywbem 1.2.0 solves it? Can you check @AndyBCN ?
from check_esxi_hardware.
Related Issues (20)
- error inconsistent with command line requirements
- clean up /tmp/<ip>_openssl.conf
- Feature Request - Storage Monitoring HOT 7
- Controller Alarm not reported HOT 6
- The script doesn't work on Ubuntu 20.04 HOT 2
- Error on importing pywbem.cim_http and pywbem.cim_operations HOT 7
- was working fine with esxi 7.0 but not with 7.0.2 anymore HOT 4
- pywbem 1.0 and later no longer support "no_verification" in WBEMConnection HOT 1
- Connection error after ESXi upgrade HOT 8
- Unconfigured Disk flapping VMware ESXi 7.0.3 HOT 6
- cim_operations error HOT 10
- Run check_esxi_hardware.py with readonly user on esxi HOT 3
- ImportError: No module named pywbem | Ubuntu 20.04.03 HOT 7
- Run check_esxi_hardware.py with readonly user on esxi not working HOT 3
- check_esxi_hardware.py fails after ESXI upgrade HOT 6
- ignore certificate check HOT 3
- TypeError: can only concatenate str (not "NoneType") to str
- Is there any way to check HealthState or Status of NIC(vmnic)? HOT 1
- pkg_resources is deprecated HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from check_esxi_hardware.