[Xymon] Xymon 4.3.13: HTTPS check issues
Novosielski, Ryan
novosirj at ca.rutgers.edu
Tue Jan 14 17:45:32 CET 2014
Agreed, sounds great. Thank you once again for this great software!
--
____ *Note: UMDNJ is now Rutgers-Biomedical and Health Sciences*
|| \\UTGERS |---------------------*O*---------------------
||_// Biomedical | Ryan Novosielski - Sr. Systems Programmer
|| \\ and Health | novosirj at rutgers.edu - 973/972.0922 (2x0922)
|| \\ Sciences | OIT/EI-Academic Svcs. - ADMC 450, Newark
`'
________________________________________
From: Xymon [xymon-bounces at xymon.com] On Behalf Of Mark Felder [feld at feld.me]
Sent: Tuesday, January 14, 2014 11:44 AM
To: xymon at xymon.com
Subject: Re: [Xymon] Xymon 4.3.13: HTTPS check issues
On Mon, Jan 13, 2014, at 2:29, henrik at hswn.dk wrote:
> Den 11.01.2014 18:44, Mark Felder skrev:
> > I think the safe solution everywhere is "off by default", and further
> > testing of the HTTPS checking code with OpenSSL 1.0+ against servers
> > that don't support the latest TLS, or maybe not even TLS at all --
> > just
> > SSLv3. You're going to have users with appliances that can't be
> > upgraded
> > but they still should be able to get monitored.
>
> Just to finish this thread: In 4.3.14 I have implemented a global
> option for xymonnet "--sni=[on|off]" to globally enable/disable SNI for
> SSL tests. Default is OFF. In addition there are two now tags for
> hosts.cfg, "sni" and "nosni" so regardless of the global option you can
> override it per host.
>
> I think that is the best way to avoid unnecessary surprises when
> upgrading, while still making SNI available for those who need it.
>
>
Thanks Henrik!
_______________________________________________
Xymon mailing list
Xymon at xymon.com
http://lists.xymon.com/mailman/listinfo/xymon
More information about the Xymon
mailing list