[Xymon] SSL Error [SEC=UNCLASSIFIED]

John Thurston john.thurston at alaska.gov
Thu Nov 3 17:10:37 CET 2016


On 11/2/2016 8:22 PM, David Baldwin wrote:
> Martin,
>
> There is an option for xymonnet to enable SNI - here's my tasks.cfg
> snippet - see man xymonnet
>
> [xymonnet]
>         ENVFILE /home/xymon/server/etc/xymonserver-net.cfg
>         NEEDS xymond
>         CMD xymonnet --report --ping --checkresponse --bb-proxy-syntax
> --sni=on --timeout=20 --sslkeysize=2048
>         LOGFILE $XYMONSERVERLOGS/xymonnet.log
>         INTERVAL 5m

SNI can also be enabled per-host. See the man page for hosts.cfg:

> sni
> nosni
>     Enables or disables use of SNI (Server Name Indication) for SSL tests.
>     Some SSL implementations cannot handle SSL handshakes with SNI data, so Xymon by default does not use SNI. This default can be changed with the "--sni" option for xymonnet(1) but can also be managed per host with these tags.
>     SNI support was added in Xymon 4.3.13, where the default was to use SNI. This was changed in 4.3.14 so SNI support is disabled by default, and the "sni" and "nosni" tags were introduced together with the "--sni" option for xymonnet.


-- 
    Do things because you should, not just because you can.

John Thurston    907-465-8591
John.Thurston at alaska.gov
Enterprise Technology Services
Department of Administration
State of Alaska



More information about the Xymon mailing list