[Xymon] Xymon 4.3.13: HTTPS check issues
henrik at hswn.dk
henrik at hswn.dk
Mon Jan 13 09:29:50 CET 2014
Den 11.01.2014 18:44, Mark Felder skrev:
> I think the safe solution everywhere is "off by default", and further
> testing of the HTTPS checking code with OpenSSL 1.0+ against servers
> that don't support the latest TLS, or maybe not even TLS at all --
> just
> SSLv3. You're going to have users with appliances that can't be
> upgraded
> but they still should be able to get monitored.
Just to finish this thread: In 4.3.14 I have implemented a global
option for xymonnet "--sni=[on|off]" to globally enable/disable SNI for
SSL tests. Default is OFF. In addition there are two now tags for
hosts.cfg, "sni" and "nosni" so regardless of the global option you can
override it per host.
I think that is the best way to avoid unnecessary surprises when
upgrading, while still making SNI available for those who need it.
Regards,
Henrik
More information about the Xymon
mailing list