Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Johan_Hillstrom
Contributor

Is https://updates.checkpoint.com down or broken?

I noticed some errors on our gateways recently.

They could not check for updates.

It seems the update servers are not behaving properly.

I tried multiple times, 1 out of 5 responded correctly, the other gave an error or timed out during TLS handshake.

See below for details on a few tries.

---

TLS handshake timeout

curl_cli -v -k https://updates.checkpoint.com/

*   Trying 194.29.39.19...

* Connected to updates.checkpoint.com (194.29.39.19) port 443 (#0)

* Cipher selection: HIGH:!RC4:!LOW:!EXP:!aNULL:!SSLv2:!MD5:!aECDH:!EDH

* *** Current date is: Thu Sep 27 11:50:52 2018

* TLSv1.2 (OUT), TLS handshake, Client hello (1):

* err is -1, detail is 2

* *** Current date is: Thu Sep 27 11:53:27 2018

* err is -1, detail is 5

* errdetail=0x0

ERR_lib_error_string: (nil)

 ERR_func_error_string: (nil)

 ERR_reason_error_string: (nil)

 ERR_error_string: error:00000000:lib(0):func(0):reason(0)

* Unknown SSL protocol error in connection to updates.checkpoint.com:443 

* Closing connection 0

curl: (35) Unknown SSL protocol error in connection to updates.checkpoint.com:443 

---

Apparently OK connection

curl_cli -v -k https://updates.checkpoint.com/

*   Trying 209.87.209.87...

* Connected to updates.checkpoint.com (209.87.209.87) port 443 (#0)

* Cipher selection: HIGH:!RC4:!LOW:!EXP:!aNULL:!SSLv2:!MD5:!aECDH:!EDH

* *** Current date is: Thu Sep 27 11:50:17 2018

* TLSv1.2 (OUT), TLS handshake, Client hello (1):

* err is -1, detail is 2

* *** Current date is: Thu Sep 27 11:50:18 2018

* TLSv1.2 (IN), TLS handshake, Server hello (2):

* err is -1, detail is 2

* *** Current date is: Thu Sep 27 11:50:18 2018

* TLSv1.2 (IN), TLS handshake, Certificate (11):

* TLSv1.2 (IN), TLS handshake, Server finished (14):

* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):

* TLSv1.2 (OUT), TLS change cipher, Client hello (1):

* TLSv1.2 (OUT), TLS handshake, Finished (20):

* err is -1, detail is 2

* *** Current date is: Thu Sep 27 11:50:18 2018

* TLSv1.2 (IN), TLS change cipher, Client hello (1):

* TLSv1.2 (IN), TLS handshake, Finished (20):

* SSL connection using TLSv1.2 / AES256-SHA256

* servercert: Activated

* servercert: CRL validation was disabled

* Server certificate:

*  subject: OU=Domain Control Validated; CN=*.checkpoint.com

*  start date: Dec 24 13:34:00 2017 GMT

*  expire date: Dec 24 13:34:00 2018 GMT

*  issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2

*  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.

* servercert: Finished

< HTTP/1.1 200 OK

< Date: Thu, 27 Sep 2018 09:50:19 GMT

< Server: Apache

< Last-Modified: Mon, 02 Apr 2012 20:31:37 GMT

< Accept-Ranges: bytes

< Content-Length: 306

< Content-Type: text/html

< 

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

        <META HTTP-EQUIV="REFRESH" CONTENT = "0; URL=http://www.checkpoint.com">

        <SCRIPT Language="JavaScript">

           window.location.replace('http://www.checkpoint.com');

        </SCRIPT>

</head>

</html>

* Connection #0 to host updates.checkpoint.com left intact

---

Handshake OK, SSL read error

curl_cli -v -k https://updates.checkpoint.com/

*   Trying 209.87.209.87...

* Connected to updates.checkpoint.com (209.87.209.87) port 443 (#0)

* Cipher selection: HIGH:!RC4:!LOW:!EXP:!aNULL:!SSLv2:!MD5:!aECDH:!EDH

* *** Current date is: Thu Sep 27 11:50:12 2018

* TLSv1.2 (OUT), TLS handshake, Client hello (1):

* err is -1, detail is 2

* *** Current date is: Thu Sep 27 11:50:12 2018

* TLSv1.2 (IN), TLS handshake, Server hello (2):

* err is -1, detail is 2

* *** Current date is: Thu Sep 27 11:50:12 2018

* TLSv1.2 (IN), TLS handshake, Certificate (11):

* TLSv1.2 (IN), TLS handshake, Server finished (14):

* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):

* TLSv1.2 (OUT), TLS change cipher, Client hello (1):

* TLSv1.2 (OUT), TLS handshake, Finished (20):

* err is -1, detail is 2

* *** Current date is: Thu Sep 27 11:50:13 2018

* TLSv1.2 (IN), TLS change cipher, Client hello (1):

* TLSv1.2 (IN), TLS handshake, Finished (20):

* SSL connection using TLSv1.2 / AES256-SHA256

* servercert: Activated

* servercert: CRL validation was disabled

* Server certificate:

*  subject: OU=Domain Control Validated; CN=*.checkpoint.com

*  start date: Dec 24 13:34:00 2017 GMT

*  expire date: Dec 24 13:34:00 2018 GMT

*  issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2

*  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.

* servercert: Finished

* SSL read: error:00000000:lib(0):func(0):reason(0), errno 104

* Closing connection 0

curl: (56) SSL read: error:00000000:lib(0):func(0):reason(0), errno 104

9 Replies
Danny
Champion Champion
Champion

Check Point Services Status reports no issues.

0 Kudos
Johan_Hillstrom
Contributor

Tried it from Qualys/SSLlabs ”test your server” SSL Server Test: updates.checkpoint.com (Powered by Qualys SSL Labs) 

It timed out reading the certificate. 

0 Kudos
Johan_Hillstrom
Contributor

Not sure if you had anything to do with reporting this, but here it is.

Check Point Services Status - updates.checkpoint.com 092718 

0 Kudos
Danny
Champion Champion
Champion

Yep, I reported it. The incident is now shown.

Auke__
Explorer

Same problem here!

0 Kudos
Alex_Weldon
Contributor

This should be one of those things that Check Point reports / announces to the community better.

Johan_Hillstrom
Contributor

Status for this issue just went from "Investigating" to "Identified"
So it will hopefully be resolved soon.

0 Kudos
Eranda_Bluechip
Explorer

same issue here

0 Kudos
DeletedUser
Not applicable

Agree with Alex Weldon‌ this can be reported to the community better. Just subscribed to Updates on the Services Status page. Let's see how well it works. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events