Forum Discussion

Kirby_Timm
11 days ago
Solved

SSLError for HTTPS module

LogicMonitor is telling me that one of my FortiGate firewalls, which uses a self-signed cert for the GUI, is giving a couple of errors.  One error was "days remaining" for the SSL certificate and the...
    Kirby_Timm
    3 days ago

    For anyone else that may be looking at this in the future, support has supplied me with a solution that works.
    In LogicMonitor, Open up Settings -> Collectors -> [locate the Collector in question] -> Collector Configuration -> Wrapper Config
    Within wrapper config, look at all the "wrapper.java.additional.##" entries, where ## is a number starting at 1 and incrementing by 1.  For example, in my environment I had
    wrapper.java.additional.1 - wrapper.java.additional.28
    Add 1 to the last wrapper.java.additional.## (so for me it would be wrapper.java.additional.29) and add the following line to the end of your config:
    wrapper.java.additional.29=-Djdk.tls.maxHandshakeMessageSize=50000
    Then click "save and restart" to restart the collector.  This solved the issue.
    The "why" is a bit more iffy.  According to LogicMonitor support:
    It looks like it was basically just buffer overflow protection built into the Collector. We have a buffer of 32KiB for the handshake response; if the response exceeds that buffer size, we discard it as invalid. To be clear, the following is conjecture, but I figure what's going on here is that most SSL handshake responses are less than 32KiB, so that value was probably chosen arbitrarily as 'good enough' for most cases. Given that the SSL handshake response contains the entire certificate chain, if the chain is long enough it could in theory exceed that buffer size, which I assume is why the developers offered this as a knob to turn in the config. According to some random sources I found online, a typical enterprise certificate chain for an internal server using TLS 1.2 can be 6-10KiB, so 32KiB should be enough in most cases. Looks like in this case it wasn't.
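The edit described in the answer above (find the highest wrapper.java.additional.N, append N+1 with the -Djdk.tls.maxHandshakeMessageSize property) is easy to get wrong by hand when a collector has dozens of entries, so here is an added helper script. It is not part of the original post and not LogicMonitor's code; the wrapper config content is constructed for illustration, and the only thing it relies on from the page is the property name and the 50000 value. jdk.tls.maxHandshakeMessageSize is a standard JSSE system property whose default is 32768 bytes, which matches the 32KiB buffer support describes; the script refuses a value at or below that default because it would not help. It is idempotent: if the property is already present it returns the config unchanged rather than appending a duplicate entry.

```python
import re

# Constructed sample wrapper config, not a real collector's file.
SAMPLE_WRAPPER_CONFIG = """\
wrapper.java.command=java
wrapper.java.additional.1=-Xms512m
wrapper.java.additional.2=-Xmx1024m
wrapper.java.additional.28=-Dfile.encoding=UTF-8
"""

ADDITIONAL_RE = re.compile(r"^wrapper\.java\.additional\.(\d+)=(.*)$")
PROPERTY = "jdk.tls.maxHandshakeMessageSize"
JSSE_DEFAULT = 32768  # JDK default for the property, in bytes


def parse_additional(text):
    """Return {index: value} for every wrapper.java.additional.N=value line."""
    entries = {}
    for line in text.splitlines():
        m = ADDITIONAL_RE.match(line.strip())
        if m:
            entries[int(m.group(1))] = m.group(2)
    return entries


def next_index(text):
    """Index to use for a new entry: one past the highest existing N (1 if none)."""
    return max(parse_additional(text), default=0) + 1


def find_property(text, prop=PROPERTY):
    """Return (index, value) if some entry already sets -D<prop>=..., else None."""
    pattern = re.compile(r"-D" + re.escape(prop) + r"=(\S+)")
    for idx, val in parse_additional(text).items():
        m = pattern.search(val)
        if m:
            return idx, m.group(1)
    return None


def add_handshake_size(text, size=50000):
    """Append wrapper.java.additional.<N+1>=-Djdk.tls.maxHandshakeMessageSize=<size>.

    Returns the config unchanged if the property is already set, and rejects
    sizes that would not raise the limit above the JDK default.
    """
    if size <= JSSE_DEFAULT:
        raise ValueError(f"size must exceed the JDK default of {JSSE_DEFAULT} bytes")
    if find_property(text) is not None:
        return text
    idx = next_index(text)
    if text and not text.endswith("\n"):
        text += "\n"
    return text + f"wrapper.java.additional.{idx}=-D{PROPERTY}={size}\n"


if __name__ == "__main__":
    updated = add_handshake_size(SAMPLE_WRAPPER_CONFIG)
    print(updated, end="")
    # Running it a second time adds nothing:
    assert add_handshake_size(updated) == updated
```

To use it on a real collector, read the Wrapper Config text into `text`, run `add_handshake_size`, paste the result back, and then "save and restart" as the answer says; the added entry lands on the next free index rather than overwriting an existing one.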