[Xymon] Why does the cipher list in sslcert test show disabled ciphers?

J.C. Cleaver cleaver at terabithia.org
Wed Aug 5 00:14:35 CEST 2015


Hmm. This would seem like something we should probably look into changing.

A list of ciphers the remote host is permiting would be much more valuable
from a monitoring perspective (when enabled).

-jc




On Tue, August 4, 2015 1:42 pm, Ralph Mitchell wrote:
> It's not giving you a list of the ciphers the remote host permits.  All it
> does is cycle through the list of ciphers available on the Xymon server. I
> think there's a flag (for xymonnet, maybe?) that turns off that list.  A
> long time back I patched my copy of xymonnet to only return the cipher
> actually used to talk to the remore server.
>
> There's a program called sslscan that actually tests the entire list of
> ciphers against the remote host and tells you what works and what fails.
> That could be incorporated into an external test, maybe.
>
> Ralph Mitchell
> On Aug 4, 2015 12:41 PM, "Ribeiro, Glauber" <glauber.ribeiro at experian.com>
> wrote:
>
>> Why does the list of ciphers in the "sslcert" xymon test show ciphers
>> that
>> are disabled on the server? For example, we have disabled RC4 ciphers on
>> our servers, and confirmed using the "Qualys SSL Labs" server test, that
>> they are turned off. However, xymon still shows them.
>>
>> g
>> _______________________________________________
>> Xymon mailing list
>> Xymon at xymon.com
>> http://lists.xymon.com/mailman/listinfo/xymon
>>
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
>





More information about the Xymon mailing list