On Tue, Apr 14, 2015, at 09:11, Mark Felder wrote:
On Tue, Apr 14, 2015 at 07:50:32AM -0500, Mark Felder wrote:
On Tue, Apr 14, 2015, at 06:47, Dito wrote:
I saw a post back that someone suggested to use "httpst://url" but that is not working either. I am running build .17 , not sure if upgrading to .18 or .19 will work, I'll read the notes.
Is there another way to fix?
From hosts.cfg man page:
- "t", e.g. httpst://www.sample.com/ : use only TLSv1
Looks like we need to patch xymonnet to let us specify TLS 1.1 and 1.2
Please see the attached patch. I can successfully build on FreeBSD 8.4 and 9.3 which use OpenSSL versions that don't support TLS 1.1 and 1.2, so I'm certain I have not broken that functionality.
Considering how simple this patch is, I expect it to work reliably. Using this patch you should be able to specify httpst1_1:// and httpst1_2:// to get TLS 1.1 and 1.2
It seems that to allow mixing of schemeopts they are intended to be single characters. My new schemeopts of "t1_1" and "t1_2" are not working correctly. If I simply change them to "x" and "y" they work successfully.
I'm not sure what to do here; TLS 1.3 is on the horizon and we certainly will have more protocols in the future. I could also enable DTLS as easy as TLS 1.1 and TLS 1.2, but that's not in large demand...
I will wait for JC to chime in. With that simple modification my patch will work if someone really needs to force a TLS version.