[Xymon] Xymon 4.3.13: HTTPS check issues

henrik at hswn.dk henrik at hswn.dk
Mon Jan 13 09:29:50 CET 2014


Den 11.01.2014 18:44, Mark Felder skrev:
> I think the safe solution everywhere is "off by default", and further
> testing of the HTTPS checking code with OpenSSL 1.0+ against servers
> that don't support the latest TLS, or maybe not even TLS at all -- 
> just
> SSLv3. You're going to have users with appliances that can't be 
> upgraded
> but they still should be able to get monitored.

Just to finish this thread: In 4.3.14 I have implemented a global 
option for xymonnet "--sni=[on|off]" to globally enable/disable SNI for 
SSL tests. Default is OFF. In addition there are two now tags for 
hosts.cfg, "sni" and "nosni" so regardless of the global option you can 
override it per host.

I think that is the best way to avoid unnecessary surprises when 
upgrading, while still making SNI available for those who need it.


Regards,
Henrik




More information about the Xymon mailing list