Agreed, sounds great. Thank you once again for this great software!
-- ____ *Note: UMDNJ is now Rutgers-Biomedical and Health Sciences* || \\UTGERS |---------------------*O*--------------------- ||_// Biomedical | Ryan Novosielski - Sr. Systems Programmer || \\ and Health | novosirj at rutgers.edu - 973/972.0922 (2x0922) || \\ Sciences | OIT/EI-Academic Svcs. - ADMC 450, Newark `'
From: Xymon [xymon-bounces at xymon.com] On Behalf Of Mark Felder [feld at feld.me] Sent: Tuesday, January 14, 2014 11:44 AM To: xymon at xymon.com Subject: Re: [Xymon] Xymon 4.3.13: HTTPS check issues
On Mon, Jan 13, 2014, at 2:29, henrik at hswn.dk wrote:
Den 11.01.2014 18:44, Mark Felder skrev:
I think the safe solution everywhere is "off by default", and further testing of the HTTPS checking code with OpenSSL 1.0+ against servers that don't support the latest TLS, or maybe not even TLS at all -- just SSLv3. You're going to have users with appliances that can't be upgraded but they still should be able to get monitored.
Just to finish this thread: In 4.3.14 I have implemented a global option for xymonnet "--sni=[on|off]" to globally enable/disable SNI for SSL tests. Default is OFF. In addition there are two now tags for hosts.cfg, "sni" and "nosni" so regardless of the global option you can override it per host.
I think that is the best way to avoid unnecessary surprises when upgrading, while still making SNI available for those who need it.
Thanks Henrik!
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon