I noticed some errors on our gateways recently.
They could not check for updates.
It seems the update servers are not behaving properly.
I tried multiple times; 1 out of 5 responded correctly, the others gave an error or timed out during the TLS handshake.
See below for details on a few tries.
---
TLS handshake timeout
curl_cli -v -k https://updates.checkpoint.com/
* Trying 194.29.39.19...
* Connected to updates.checkpoint.com (194.29.39.19) port 443 (#0)
* Cipher selection: HIGH:!RC4:!LOW:!EXP:!aNULL:!SSLv2:!MD5:!aECDH:!EDH
* *** Current date is: Thu Sep 27 11:50:52 2018
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* err is -1, detail is 2
* *** Current date is: Thu Sep 27 11:53:27 2018
* err is -1, detail is 5
* errdetail=0x0
ERR_lib_error_string: (nil)
ERR_func_error_string: (nil)
ERR_reason_error_string: (nil)
ERR_error_string: error:00000000:lib(0):func(0):reason(0)
* Unknown SSL protocol error in connection to updates.checkpoint.com:443
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to updates.checkpoint.com:443
---
Apparently OK connection
curl_cli -v -k https://updates.checkpoint.com/
* Trying 209.87.209.87...
* Connected to updates.checkpoint.com (209.87.209.87) port 443 (#0)
* Cipher selection: HIGH:!RC4:!LOW:!EXP:!aNULL:!SSLv2:!MD5:!aECDH:!EDH
* *** Current date is: Thu Sep 27 11:50:17 2018
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* err is -1, detail is 2
* *** Current date is: Thu Sep 27 11:50:18 2018
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* err is -1, detail is 2
* *** Current date is: Thu Sep 27 11:50:18 2018
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* err is -1, detail is 2
* *** Current date is: Thu Sep 27 11:50:18 2018
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / AES256-SHA256
* servercert: Activated
* servercert: CRL validation was disabled
* Server certificate:
* subject: OU=Domain Control Validated; CN=*.checkpoint.com
* start date: Dec 24 13:34:00 2017 GMT
* expire date: Dec 24 13:34:00 2018 GMT
* issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2
* SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
* servercert: Finished
< HTTP/1.1 200 OK
< Date: Thu, 27 Sep 2018 09:50:19 GMT
< Server: Apache
< Last-Modified: Mon, 02 Apr 2012 20:31:37 GMT
< Accept-Ranges: bytes
< Content-Length: 306
< Content-Type: text/html
<
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<META HTTP-EQUIV="REFRESH" CONTENT = "0; URL=http://www.checkpoint.com">
<SCRIPT Language="JavaScript">
window.location.replace('http://www.checkpoint.com');
</SCRIPT>
</head>
</html>
* Connection #0 to host updates.checkpoint.com left intact
---
Handshake OK, SSL read error
curl_cli -v -k https://updates.checkpoint.com/
* Trying 209.87.209.87...
* Connected to updates.checkpoint.com (209.87.209.87) port 443 (#0)
* Cipher selection: HIGH:!RC4:!LOW:!EXP:!aNULL:!SSLv2:!MD5:!aECDH:!EDH
* *** Current date is: Thu Sep 27 11:50:12 2018
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* err is -1, detail is 2
* *** Current date is: Thu Sep 27 11:50:12 2018
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* err is -1, detail is 2
* *** Current date is: Thu Sep 27 11:50:12 2018
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* err is -1, detail is 2
* *** Current date is: Thu Sep 27 11:50:13 2018
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / AES256-SHA256
* servercert: Activated
* servercert: CRL validation was disabled
* Server certificate:
* subject: OU=Domain Control Validated; CN=*.checkpoint.com
* start date: Dec 24 13:34:00 2017 GMT
* expire date: Dec 24 13:34:00 2018 GMT
* issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2
* SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.
* servercert: Finished
* SSL read: error:00000000:lib(0):func(0):reason(0), errno 104
* Closing connection 0
curl: (56) SSL read: error:00000000:lib(0):func(0):reason(0), errno 104
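
Added example, not part of the original post: a shell/awk triage helper that classifies each attempt in saved `curl -v` output by the stage it reached and tallies the results per server IP, so it is easy to see whether failures follow one address. The function names and the abridged sample log (constructed from lines in the output above) are assumptions of this example.

```shell
# Added example (not from the original post). Reads `curl -v` output on stdin
# and prints "IP<TAB>outcome" for every attempt, judged by the last stage seen.
classify_curl_log() {
  awk '
    function emit() {
      if (ip == "") return
      if (http)           outcome = "ok"
      else if (tls)       outcome = "read_error_after_handshake"
      else if (connected) outcome = "handshake_failed"
      else                outcome = "connect_failed"
      print ip "\t" outcome
      ip = ""; connected = 0; tls = 0; http = 0
    }
    /^\* +Trying / { emit(); if (match($0, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) ip = substr($0, RSTART, RLENGTH) }
    /^\* Connected to /        { connected = 1 }
    /^\* SSL connection using/ { tls = 1 }
    /^< HTTP\//                { http = 1 }
    END { emit() }
  '
}

# Per-IP tally, one line per address: "IP ok=N fail=M", sorted by IP.
tally_by_ip() {
  classify_curl_log | awk -F '\t' '
    { seen[$1] = 1; if ($2 == "ok") ok[$1]++; else fail[$1]++ }
    END { for (ip in seen) printf "%s ok=%d fail=%d\n", ip, ok[ip], fail[ip] }
  ' | sort
}

# Constructed sample: three attempts abridged from the output quoted above.
sample_log() {
  cat <<'EOF'
* Trying 194.29.39.19...
* Connected to updates.checkpoint.com (194.29.39.19) port 443 (#0)
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
curl: (35) Unknown SSL protocol error in connection to updates.checkpoint.com:443
* Trying 209.87.209.87...
* Connected to updates.checkpoint.com (209.87.209.87) port 443 (#0)
* SSL connection using TLSv1.2 / AES256-SHA256
< HTTP/1.1 200 OK
* Trying 209.87.209.87...
* Connected to updates.checkpoint.com (209.87.209.87) port 443 (#0)
* SSL connection using TLSv1.2 / AES256-SHA256
curl: (56) SSL read: error:00000000:lib(0):func(0):reason(0), errno 104
EOF
}

sample_log | tally_by_ip
```

To use it on real data, append the output of repeated `curl_cli -v -k https://updates.checkpoint.com/ 2>&1` runs to a file and pipe that file into `tally_by_ip`.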