1 follower Follow

Do not only use SSLv3 for Root Cause Analysis

Our company finally disabled SSLv3 last week. We then found out that Pingdom only uses SSLv3 for Root Cause Analysis. This is the response I received from Pingdom support:

After the initial requests detected the error, and the analysis is made over HTTP 1.0. This is what is causing the error. Your website isn't compatible with HTTP 1.0 requests (because it's kind of outdated...). That's why the initial requests didn't fail, because those are made via HTTP 1.1. Though we are in the progress of updating the way the root cause analysis is being run (via HTTP 1.1 instead) I'm afraid that at the time being looking at the analysis when outages occur wont give you much accurate information, as the errors will always display as SSL error even though that wasn't why our servers reported an outage.

This is very disappointing. SSL 3.0 was deprecated in June 2015. We rely on the results of the "GET Content" step of the Root Cause Analysis to help us troubleshoot. I hope Pingdom will fix this soon.

This Pingdom FAQ article is also misleading as it does not say that Root Cause Analysis is done differently. Support told me they would try to update that article.

Pingdom Support has been very nice and helpful when I contacted them but I thought it would be useful to post something in this forum for others to see.

Adam Yost

Please sign in to leave a comment.