Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Contributor

Is https://updates.checkpoint.com down or broken?

I noticed some errors on our gateways recently.

They could not check for updates.

It seems the update servers are not behaving properly.

I tried multiple times, 1 out of 5 responded correctly, the other gave an error or timed out during TLS handshake.

See below for details on a few tries.

---

TLS handshake timeout

curl_cli -v -k https://updates.checkpoint.com/

*   Trying 194.29.39.19...

* Connected to updates.checkpoint.com (194.29.39.19) port 443 (#0)

* Cipher selection: HIGH:!RC4:!LOW:!EXP:!aNULL:!SSLv2:!MD5:!aECDH:!EDH

* *** Current date is: Thu Sep 27 11:50:52 2018

* TLSv1.2 (OUT), TLS handshake, Client hello (1):

* err is -1, detail is 2

* *** Current date is: Thu Sep 27 11:53:27 2018

* err is -1, detail is 5

* errdetail=0x0

ERR_lib_error_string: (nil)

 ERR_func_error_string: (nil)

 ERR_reason_error_string: (nil)

 ERR_error_string: error:00000000:lib(0):func(0):reason(0)

* Unknown SSL protocol error in connection to updates.checkpoint.com:443 

* Closing connection 0

curl: (35) Unknown SSL protocol error in connection to updates.checkpoint.com:443 

---

Apparently OK connection

curl_cli -v -k https://updates.checkpoint.com/

*   Trying 209.87.209.87...

* Connected to updates.checkpoint.com (209.87.209.87) port 443 (#0)

* Cipher selection: HIGH:!RC4:!LOW:!EXP:!aNULL:!SSLv2:!MD5:!aECDH:!EDH

* *** Current date is: Thu Sep 27 11:50:17 2018

* TLSv1.2 (OUT), TLS handshake, Client hello (1):

* err is -1, detail is 2

* *** Current date is: Thu Sep 27 11:50:18 2018

* TLSv1.2 (IN), TLS handshake, Server hello (2):

* err is -1, detail is 2

* *** Current date is: Thu Sep 27 11:50:18 2018

* TLSv1.2 (IN), TLS handshake, Certificate (11):

* TLSv1.2 (IN), TLS handshake, Server finished (14):

* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):

* TLSv1.2 (OUT), TLS change cipher, Client hello (1):

* TLSv1.2 (OUT), TLS handshake, Finished (20):

* err is -1, detail is 2

* *** Current date is: Thu Sep 27 11:50:18 2018

* TLSv1.2 (IN), TLS change cipher, Client hello (1):

* TLSv1.2 (IN), TLS handshake, Finished (20):

* SSL connection using TLSv1.2 / AES256-SHA256

* servercert: Activated

* servercert: CRL validation was disabled

* Server certificate:

*  subject: OU=Domain Control Validated; CN=*.checkpoint.com

*  start date: Dec 24 13:34:00 2017 GMT

*  expire date: Dec 24 13:34:00 2018 GMT

*  issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2

*  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.

* servercert: Finished

< HTTP/1.1 200 OK

< Date: Thu, 27 Sep 2018 09:50:19 GMT

< Server: Apache

< Last-Modified: Mon, 02 Apr 2012 20:31:37 GMT

< Accept-Ranges: bytes

< Content-Length: 306

< Content-Type: text/html

< 

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

        <META HTTP-EQUIV="REFRESH" CONTENT = "0; URL=http://www.checkpoint.com">

        <SCRIPT Language="JavaScript">

           window.location.replace('http://www.checkpoint.com');

        </SCRIPT>

</head>

</html>

* Connection #0 to host updates.checkpoint.com left intact

---

Handshake OK, SSL read error

curl_cli -v -k https://updates.checkpoint.com/

*   Trying 209.87.209.87...

* Connected to updates.checkpoint.com (209.87.209.87) port 443 (#0)

* Cipher selection: HIGH:!RC4:!LOW:!EXP:!aNULL:!SSLv2:!MD5:!aECDH:!EDH

* *** Current date is: Thu Sep 27 11:50:12 2018

* TLSv1.2 (OUT), TLS handshake, Client hello (1):

* err is -1, detail is 2

* *** Current date is: Thu Sep 27 11:50:12 2018

* TLSv1.2 (IN), TLS handshake, Server hello (2):

* err is -1, detail is 2

* *** Current date is: Thu Sep 27 11:50:12 2018

* TLSv1.2 (IN), TLS handshake, Certificate (11):

* TLSv1.2 (IN), TLS handshake, Server finished (14):

* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):

* TLSv1.2 (OUT), TLS change cipher, Client hello (1):

* TLSv1.2 (OUT), TLS handshake, Finished (20):

* err is -1, detail is 2

* *** Current date is: Thu Sep 27 11:50:13 2018

* TLSv1.2 (IN), TLS change cipher, Client hello (1):

* TLSv1.2 (IN), TLS handshake, Finished (20):

* SSL connection using TLSv1.2 / AES256-SHA256

* servercert: Activated

* servercert: CRL validation was disabled

* Server certificate:

*  subject: OU=Domain Control Validated; CN=*.checkpoint.com

*  start date: Dec 24 13:34:00 2017 GMT

*  expire date: Dec 24 13:34:00 2018 GMT

*  issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2

*  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.

* servercert: Finished

* SSL read: error:00000000:lib(0):func(0):reason(0), errno 104

* Closing connection 0

curl: (56) SSL read: error:00000000:lib(0):func(0):reason(0), errno 104

9 Replies
Highlighted
Champion
Champion

Check Point Services Status reports no issues.

0 Kudos
Contributor

Tried it from Qualys/SSLlabs ”test your server” SSL Server Test: updates.checkpoint.com (Powered by Qualys SSL Labs) 

It timed out reading the certificate. 

0 Kudos
Highlighted
Contributor

Not sure if you had anything to do with reporting this, but here it is.

Check Point Services Status - updates.checkpoint.com 092718 

0 Kudos
Highlighted
Champion
Champion

Yep, I reported it. The incident is now shown.

Highlighted
Explorer

Same problem here!

0 Kudos
Highlighted
Contributor

This should be one of those things that Check Point reports / announces to the community better.

Highlighted
Contributor

Status for this issue just went from "Investigating" to "Identified"
So it will hopefully be resolved soon.

0 Kudos
Highlighted

same issue here

0 Kudos
Highlighted

Agree with Alex Weldon‌ this can be reported to the community better. Just subscribed to Updates on the Services Status page. Let's see how well it works. 

0 Kudos