This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Johan_Hillstrom
Contributor
‎2018-09-27 03:04 AM

Is https://updates.checkpoint.com down or broken?

I noticed some errors on our gateways recently.

They could not check for updates.

It seems the update servers are not behaving properly.

I tried multiple times, 1 out of 5 responded correctly, the other gave an error or timed out during TLS handshake.

See below for details on a few tries.

---

TLS handshake timeout

curl_cli -v -k https://updates.checkpoint.com/

*   Trying 194.29.39.19...

* Connected to updates.checkpoint.com (194.29.39.19) port 443 (#0)

* Cipher selection: HIGH:!RC4:!LOW:!EXP:!aNULL:!SSLv2:!MD5:!aECDH:!EDH

* *** Current date is: Thu Sep 27 11:50:52 2018

* TLSv1.2 (OUT), TLS handshake, Client hello (1):

* err is -1, detail is 2

* *** Current date is: Thu Sep 27 11:53:27 2018

* err is -1, detail is 5

* errdetail=0x0

ERR_lib_error_string: (nil)

 ERR_func_error_string: (nil)

 ERR_reason_error_string: (nil)

 ERR_error_string: error:00000000:lib(0):func(0):reason(0)

* Unknown SSL protocol error in connection to updates.checkpoint.com:443 

* Closing connection 0

curl: (35) Unknown SSL protocol error in connection to updates.checkpoint.com:443 

---

Apparently OK connection

curl_cli -v -k https://updates.checkpoint.com/

*   Trying 209.87.209.87...

* Connected to updates.checkpoint.com (209.87.209.87) port 443 (#0)

* Cipher selection: HIGH:!RC4:!LOW:!EXP:!aNULL:!SSLv2:!MD5:!aECDH:!EDH

* *** Current date is: Thu Sep 27 11:50:17 2018

* TLSv1.2 (OUT), TLS handshake, Client hello (1):

* err is -1, detail is 2

* *** Current date is: Thu Sep 27 11:50:18 2018

* TLSv1.2 (IN), TLS handshake, Server hello (2):

* err is -1, detail is 2

* *** Current date is: Thu Sep 27 11:50:18 2018

* TLSv1.2 (IN), TLS handshake, Certificate (11):

* TLSv1.2 (IN), TLS handshake, Server finished (14):

* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):

* TLSv1.2 (OUT), TLS change cipher, Client hello (1):

* TLSv1.2 (OUT), TLS handshake, Finished (20):

* err is -1, detail is 2

* *** Current date is: Thu Sep 27 11:50:18 2018

* TLSv1.2 (IN), TLS change cipher, Client hello (1):

* TLSv1.2 (IN), TLS handshake, Finished (20):

* SSL connection using TLSv1.2 / AES256-SHA256

* servercert: Activated

* servercert: CRL validation was disabled

* Server certificate:

*  subject: OU=Domain Control Validated; CN=*.checkpoint.com

*  start date: Dec 24 13:34:00 2017 GMT

*  expire date: Dec 24 13:34:00 2018 GMT

*  issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2

*  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.

* servercert: Finished

< HTTP/1.1 200 OK

< Date: Thu, 27 Sep 2018 09:50:19 GMT

< Server: Apache

< Last-Modified: Mon, 02 Apr 2012 20:31:37 GMT

< Accept-Ranges: bytes

< Content-Length: 306

< Content-Type: text/html

< 

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

        <META HTTP-EQUIV="REFRESH" CONTENT = "0; URL=http://www.checkpoint.com">

        <SCRIPT Language="JavaScript">

           window.location.replace('http://www.checkpoint.com');

        </SCRIPT>

</head>

</html>

* Connection #0 to host updates.checkpoint.com left intact

---

Handshake OK, SSL read error

curl_cli -v -k https://updates.checkpoint.com/

*   Trying 209.87.209.87...

* Connected to updates.checkpoint.com (209.87.209.87) port 443 (#0)

* Cipher selection: HIGH:!RC4:!LOW:!EXP:!aNULL:!SSLv2:!MD5:!aECDH:!EDH

* *** Current date is: Thu Sep 27 11:50:12 2018

* TLSv1.2 (OUT), TLS handshake, Client hello (1):

* err is -1, detail is 2

* *** Current date is: Thu Sep 27 11:50:12 2018

* TLSv1.2 (IN), TLS handshake, Server hello (2):

* err is -1, detail is 2

* *** Current date is: Thu Sep 27 11:50:12 2018

* TLSv1.2 (IN), TLS handshake, Certificate (11):

* TLSv1.2 (IN), TLS handshake, Server finished (14):

* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):

* TLSv1.2 (OUT), TLS change cipher, Client hello (1):

* TLSv1.2 (OUT), TLS handshake, Finished (20):

* err is -1, detail is 2

* *** Current date is: Thu Sep 27 11:50:13 2018

* TLSv1.2 (IN), TLS change cipher, Client hello (1):

* TLSv1.2 (IN), TLS handshake, Finished (20):

* SSL connection using TLSv1.2 / AES256-SHA256

* servercert: Activated

* servercert: CRL validation was disabled

* Server certificate:

*  subject: OU=Domain Control Validated; CN=*.checkpoint.com

*  start date: Dec 24 13:34:00 2017 GMT

*  expire date: Dec 24 13:34:00 2018 GMT

*  issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2

*  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.

* servercert: Finished

* SSL read: error:00000000:lib(0):func(0):reason(0), errno 104

* Closing connection 0

curl: (56) SSL read: error:00000000:lib(0):func(0):reason(0), errno 104

9 Replies
Danny
MVP Diamond
MVP Diamond
‎2018-09-27 03:10 AM

Check Point Services Status reports no issues.

0 Kudos
Johan_Hillstrom
Contributor
‎2018-09-27 03:23 AM
In response to Danny

Tried it from Qualys/SSLlabs ”test your server” SSL Server Test: updates.checkpoint.com (Powered by Qualys SSL Labs) 

It timed out reading the certificate. 

0 Kudos
Johan_Hillstrom
Contributor
‎2018-09-27 04:22 AM
In response to Danny

Not sure if you had anything to do with reporting this, but here it is.

Check Point Services Status - updates.checkpoint.com 092718 

0 Kudos
Danny
MVP Diamond
MVP Diamond
‎2018-09-27 04:43 AM
In response to Johan_Hillstrom

Yep, I reported it. The incident is now shown.

Auke__
Explorer
‎2018-09-27 03:50 AM

Same problem here!

0 Kudos
Alex_Weldon
Contributor
‎2018-09-27 07:36 AM

This should be one of those things that Check Point reports / announces to the community better.

Johan_Hillstrom
Contributor
‎2018-09-27 09:04 AM

Status for this issue just went from "Investigating" to "Identified"
So it will hopefully be resolved soon.

0 Kudos
Eranda_Bluechip
Explorer
‎2018-09-27 09:35 PM

same issue here

0 Kudos
DeletedUser
Not applicable
‎2018-09-28 08:14 AM

Agree with Alex Weldon‌ this can be reported to the community better. Just subscribed to Updates on the Services Status page. Let's see how well it works. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events