14 Apr
2015
14 Apr
'15
3:41 p.m.
oh, I run yum update all the times, and openssl is still 0.9.8e-33.el5_11
Gab
On Tue, Apr 14, 2015 at 11:00 AM, Mark Felder <feld at feld.me> wrote:
On Tue, Apr 14, 2015, at 09:01, Dito wrote:
that's exactly what we did, disabled TLS1.0 as well and SSL, HTTPST is only TLS1.0 we'll disabled TLS1.1 soon as well... in the name of security :)
I am thinking maybe an OpenSSL script could work in the meanwhile, instead of breaking things...
I enabled SSL cipher logging in my nginx webserver. It does appear to use the best cipher available by default (TLS 1.2). I now strongly suspect the OpenSSL on your Xymon server doesn't speak TLS 1.1 or 1.2. Can you provide the OpenSSL version?
example:
% openssl version OpenSSL 1.0.1l-freebsd 15 Jan 2015