Agreed, sounds great. Thank you once again for this great software!
--
____ *Note: UMDNJ is now Rutgers-Biomedical and Health Sciences*
|| \\UTGERS |---------------------*O*---------------------
||_// Biomedical | Ryan Novosielski - Sr. Systems Programmer
|| \\ and Health | user-46c89e614701@xymon.invalid - 973/972.0922 (2x0922)
|| \\ Sciences | OIT/EI-Academic Svcs. - ADMC 450, Newark
`'
From: Xymon [xymon-bounces at xymon.com] On Behalf Of Mark Felder [user-db141d317836@xymon.invalid]
Sent: Tuesday, January 14, 2014 11:44 AM
To: xymon at xymon.com
Subject: Re: [Xymon] Xymon 4.3.13: HTTPS check issues
On Mon, Jan 13, 2014, at 2:29, user-ce4a2c883f75@xymon.invalid wrote:Den 11.01.2014 18:44, Mark Felder skrev:
I think the safe solution everywhere is "off by default", and further
testing of the HTTPS checking code with OpenSSL 1.0+ against servers
that don't support the latest TLS, or maybe not even TLS at all --
just
SSLv3. You're going to have users with appliances that can't be
upgraded
but they still should be able to get monitored.
Just to finish this thread: In 4.3.14 I have implemented a global
option for xymonnet "--sni=[on|off]" to globally enable/disable SNI for
SSL tests. Default is OFF. In addition there are two now tags for
hosts.cfg, "sni" and "nosni" so regardless of the global option you can
override it per host.
I think that is the best way to avoid unnecessary surprises when
upgrading, while still making SNI available for those who need it.
Thanks Henrik!