AnsweredAssumed Answered

Is https://updates.checkpoint.com down or broken?

Question asked by Johan Hillstrom on Sep 27, 2018
Latest reply on Sep 28, 2018 by Bob Bent

I noticed some errors on our gateways recently.

They could not check for updates.

It seems the update servers are not behaving properly.

I tried multiple times, 1 out of 5 responded correctly, the other gave an error or timed out during TLS handshake.

See below for details on a few tries.

 

 

---

TLS handshake timeout

 

curl_cli -v -k https://updates.checkpoint.com/

*   Trying 194.29.39.19...

* Connected to updates.checkpoint.com (194.29.39.19) port 443 (#0)

* Cipher selection: HIGH:!RC4:!LOW:!EXP:!aNULL:!SSLv2:!MD5:!aECDH:!EDH

* *** Current date is: Thu Sep 27 11:50:52 2018

* TLSv1.2 (OUT), TLS handshake, Client hello (1):

* err is -1, detail is 2

 

* *** Current date is: Thu Sep 27 11:53:27 2018

 

 

 

* err is -1, detail is 5

* errdetail=0x0

ERR_lib_error_string: (nil)

 ERR_func_error_string: (nil)

 ERR_reason_error_string: (nil)

 ERR_error_string: error:00000000:lib(0):func(0):reason(0)

* Unknown SSL protocol error in connection to updates.checkpoint.com:443 

* Closing connection 0

curl: (35) Unknown SSL protocol error in connection to updates.checkpoint.com:443 

 

---

Apparently OK connection

 

curl_cli -v -k https://updates.checkpoint.com/

*   Trying 209.87.209.87...

* Connected to updates.checkpoint.com (209.87.209.87) port 443 (#0)

* Cipher selection: HIGH:!RC4:!LOW:!EXP:!aNULL:!SSLv2:!MD5:!aECDH:!EDH

* *** Current date is: Thu Sep 27 11:50:17 2018

* TLSv1.2 (OUT), TLS handshake, Client hello (1):

* err is -1, detail is 2

* *** Current date is: Thu Sep 27 11:50:18 2018

* TLSv1.2 (IN), TLS handshake, Server hello (2):

* err is -1, detail is 2

* *** Current date is: Thu Sep 27 11:50:18 2018

* TLSv1.2 (IN), TLS handshake, Certificate (11):

* TLSv1.2 (IN), TLS handshake, Server finished (14):

* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):

* TLSv1.2 (OUT), TLS change cipher, Client hello (1):

* TLSv1.2 (OUT), TLS handshake, Finished (20):

* err is -1, detail is 2

* *** Current date is: Thu Sep 27 11:50:18 2018

* TLSv1.2 (IN), TLS change cipher, Client hello (1):

* TLSv1.2 (IN), TLS handshake, Finished (20):

* SSL connection using TLSv1.2 / AES256-SHA256

* servercert: Activated

* servercert: CRL validation was disabled

* Server certificate:

*  subject: OU=Domain Control Validated; CN=*.checkpoint.com

*  start date: Dec 24 13:34:00 2017 GMT

*  expire date: Dec 24 13:34:00 2018 GMT

*  issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2

*  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.

* servercert: Finished

< HTTP/1.1 200 OK

< Date: Thu, 27 Sep 2018 09:50:19 GMT

< Server: Apache

< Last-Modified: Mon, 02 Apr 2012 20:31:37 GMT

< Accept-Ranges: bytes

< Content-Length: 306

< Content-Type: text/html

< 

<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

        <META HTTP-EQUIV="REFRESH" CONTENT = "0; URL=http://www.checkpoint.com">

        <SCRIPT Language="JavaScript">

           window.location.replace('http://www.checkpoint.com');

        </SCRIPT>

</head>

</html>

* Connection #0 to host updates.checkpoint.com left intact

 

---

Handshake OK, SSL read error

 

curl_cli -v -k https://updates.checkpoint.com/

*   Trying 209.87.209.87...

* Connected to updates.checkpoint.com (209.87.209.87) port 443 (#0)

* Cipher selection: HIGH:!RC4:!LOW:!EXP:!aNULL:!SSLv2:!MD5:!aECDH:!EDH

* *** Current date is: Thu Sep 27 11:50:12 2018

* TLSv1.2 (OUT), TLS handshake, Client hello (1):

* err is -1, detail is 2

* *** Current date is: Thu Sep 27 11:50:12 2018

* TLSv1.2 (IN), TLS handshake, Server hello (2):

* err is -1, detail is 2

* *** Current date is: Thu Sep 27 11:50:12 2018

* TLSv1.2 (IN), TLS handshake, Certificate (11):

* TLSv1.2 (IN), TLS handshake, Server finished (14):

* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):

* TLSv1.2 (OUT), TLS change cipher, Client hello (1):

* TLSv1.2 (OUT), TLS handshake, Finished (20):

* err is -1, detail is 2

* *** Current date is: Thu Sep 27 11:50:13 2018

* TLSv1.2 (IN), TLS change cipher, Client hello (1):

* TLSv1.2 (IN), TLS handshake, Finished (20):

* SSL connection using TLSv1.2 / AES256-SHA256

* servercert: Activated

* servercert: CRL validation was disabled

* Server certificate:

*  subject: OU=Domain Control Validated; CN=*.checkpoint.com

*  start date: Dec 24 13:34:00 2017 GMT

*  expire date: Dec 24 13:34:00 2018 GMT

*  issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certs.godaddy.com/repository/; CN=Go Daddy Secure Certificate Authority - G2

*  SSL certificate verify result: self signed certificate in certificate chain (19), continuing anyway.

* servercert: Finished

* SSL read: error:00000000:lib(0):func(0):reason(0), errno 104

* Closing connection 0

curl: (56) SSL read: error:00000000:lib(0):func(0):reason(0), errno 104

Outcomes