Running node wizard on RHEL 8 with sslv3 disabled

I am trying to install icinga2-2.10.2-1 on a RHEL 8 server, with the icinga master already installed and operational on a RHEL 7 server. When I get to the point where I’m running the icinga2 node wizard command to pair the client with the master server, it fails with an sslv3 handshake error.

According to RHEL 8 documentation, sslv3 is disabled by default on RHEL8 and I am not permitted to enable it in my environment. Is there any way I can change the node wizard to use a different cipher that is enabled on RHEL 8?

Is there a particular reason you’re trying to install such an old version of Icinga2 (2019-07-23)?

It’s what my employer approved.

Unfortunately I’m in a situation where working around stupid technical problems is easier than working through the bureaucracy to get a newer version approved.

SSLv3 isn’t going to be any more secure even if you get it working. Maybe this will help (from 2014) https://www.openssl.org/~bodo/ssl-poodle.pdf

I understand, I’m not trying to enable sslv3. I’m trying to see if I can make node wizard use a different protocol that is not disabled in RHEL 8.

I’m using CentOS 8 satellites (with CentOS 7 master) and have not come across this issue, so I’m wondering if there is something else specific about your environment that even tries SSLv3.

Can you run this on both servers? openssl ciphers -v | awk '{print $2}' | sort | uniq

You may also want to try the steps here that go more in depth: Troubleshooting - Icinga 2

The output of that command is SSLv3, TLSv1, TLSv1.2, TLSv1.3

Have you run the other troubleshooting steps I linked to?

I ran the s_connect command and confirmed it uses TLSv1.2 to connect CentOS 8 to CentOS 7. Granted, I am using the current/near current version. However, TLS support was added long before even the old version you are using - at least from what I have seen.