[Xymon] Xymon 4.3.13: HTTPS check issues

Mark Felder feld at feld.me
Tue Jan 14 17:44:56 CET 2014



On Mon, Jan 13, 2014, at 2:29, henrik at hswn.dk wrote:
> Den 11.01.2014 18:44, Mark Felder skrev:
> > I think the safe solution everywhere is "off by default", and further
> > testing of the HTTPS checking code with OpenSSL 1.0+ against servers
> > that don't support the latest TLS, or maybe not even TLS at all -- 
> > just
> > SSLv3. You're going to have users with appliances that can't be 
> > upgraded
> > but they still should be able to get monitored.
> 
> Just to finish this thread: In 4.3.14 I have implemented a global 
> option for xymonnet "--sni=[on|off]" to globally enable/disable SNI for 
> SSL tests. Default is OFF. In addition there are two now tags for 
> hosts.cfg, "sni" and "nosni" so regardless of the global option you can 
> override it per host.
> 
> I think that is the best way to avoid unnecessary surprises when 
> upgrading, while still making SNI available for those who need it.
> 
> 

Thanks Henrik!



More information about the Xymon mailing list