that's exactly what we did, disabled TLS1.0 as well and SSL, HTTPST is only TLS1.0 we'll disabled TLS1.1 soon as well... in the name of security :)
I am thinking maybe an OpenSSL script could work in the meanwhile, instead of breaking things...
Gab
On Tue, Apr 14, 2015 at 9:11 AM, Mark Felder <feld at feld.me> wrote:
On Tue, Apr 14, 2015, at 07:50, Mark Felder wrote:
On Tue, Apr 14, 2015, at 06:47, Dito wrote:
I saw a post back that someone suggested to use "httpst://url" but that is not working either. I am running build .17 , not sure if upgrading to .18 or .19 will work, I'll read the notes.
Is there another way to fix?
From hosts.cfg man page:
- "t", e.g. httpst://www.sample.com/ : use only TLSv1
Looks like we need to patch xymonnet to let us specify TLS 1.1 and 1.2
I may have successfully created a patch to add this behavior, but I need to do some extensive testing. Adding specific options for TLS 1.1 and 1.2 means it could break the build in environments where the OpenSSL version does not recognize these protocols. I'm not sure we want to break compatibility, although my personal opinion is that we should encourage users to upgrade in the name of security....
Xymon mailing list Xymon at xymon.com http://lists.xymon.com/mailman/listinfo/xymon