[Xymon] HTTPS tests fails when TLS 1.1 and 1.2 only is enabled

Mark Felder feld at feld.me
Tue Apr 14 17:00:06 CEST 2015



On Tue, Apr 14, 2015, at 09:01, Dito wrote:
> that's exactly what we did, disabled TLS1.0 as well and SSL, HTTPST is
> only
> TLS1.0
> we'll disabled TLS1.1 soon as well... in the name of security :)
> 
> I am thinking maybe an OpenSSL script could work in the meanwhile,
> instead
> of breaking things...
> 
> 

I enabled SSL cipher logging in my nginx webserver. It does appear to
use the best cipher available by default (TLS 1.2). I now strongly
suspect the OpenSSL on your Xymon server doesn't speak TLS 1.1 or 1.2.
Can you provide the OpenSSL version?

example:

% openssl version
OpenSSL 1.0.1l-freebsd 15 Jan 2015 




More information about the Xymon mailing list