[Xymon] Why does the cipher list in sslcert test show disabled ciphers?

Ribeiro, Glauber glauber.ribeiro at experian.com
Tue Aug 4 23:30:20 CEST 2015

Yes, I think i’m going to turn that list off, it’s just clutter.

From: Ralph Mitchell [mailto:ralphmitchell at gmail.com]
Sent: Tuesday, August 04, 2015 15:43
To: Ribeiro, Glauber
Cc: xymon at xymon.com
Subject: Re: [Xymon] Why does the cipher list in sslcert test show disabled ciphers?

It's not giving you a list of the ciphers the remote host permits.  All it does is cycle through the list of ciphers available on the Xymon server. I think there's a flag (for xymonnet, maybe?) that turns off that list.  A long time back I patched my copy of xymonnet to only return the cipher actually used to talk to the remore server.

There's a program called sslscan that actually tests the entire list of ciphers against the remote host and tells you what works and what fails.  That could be incorporated into an external test, maybe.

Ralph Mitchell
On Aug 4, 2015 12:41 PM, "Ribeiro, Glauber" <glauber.ribeiro at experian.com<mailto:glauber.ribeiro at experian.com>> wrote:
Why does the list of ciphers in the "sslcert" xymon test show ciphers that are disabled on the server? For example, we have disabled RC4 ciphers on our servers, and confirmed using the "Qualys SSL Labs" server test, that they are turned off. However, xymon still shows them.

Xymon mailing list
Xymon at xymon.com<mailto:Xymon at xymon.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20150804/ef1dd439/attachment.html>

More information about the Xymon mailing list