[Xymon] HTTPS tests fails when TLS 1.1 and 1.2 only is enabled

Dito dito74 at gmail.com
Tue Apr 14 16:01:53 CEST 2015


that's exactly what we did, disabled TLS1.0 as well and SSL, HTTPST is only
TLS1.0
we'll disabled TLS1.1 soon as well... in the name of security :)

I am thinking maybe an OpenSSL script could work in the meanwhile, instead
of breaking things...


Gab

On Tue, Apr 14, 2015 at 9:11 AM, Mark Felder <feld at feld.me> wrote:

>
>
> On Tue, Apr 14, 2015, at 07:50, Mark Felder wrote:
> >
> >
> > On Tue, Apr 14, 2015, at 06:47, Dito wrote:
> > > I saw a post back that someone suggested to use "httpst://url" but that
> > > is
> > > not working either.
> > > I am running build .17 , not sure if upgrading to .18 or .19 will work,
> > > I'll read the notes.
> > >
> > >
> > > Is there another way to fix?
> > >
> >
> > From hosts.cfg man page:
> >
> > * "t",  e.g. httpst://www.sample.com/ : use only TLSv1
> >
> >
> > Looks like we need to patch xymonnet to let us specify TLS 1.1 and 1.2
> >
>
> I may have successfully created a patch to add this behavior, but I need
> to do some extensive testing. Adding specific options for TLS 1.1 and
> 1.2 means it could break the build in environments where the OpenSSL
> version does not recognize these protocols. I'm not sure we want to
> break compatibility, although my personal opinion is that we should
> encourage users to upgrade in the name of security....
> _______________________________________________
> Xymon mailing list
> Xymon at xymon.com
> http://lists.xymon.com/mailman/listinfo/xymon
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20150414/7dbbac1d/attachment.html>


More information about the Xymon mailing list