Xymon Mailing List Archive

HTTPS tests fail when only TLS 1.1 and 1.2 are enabled

list Gab Dito
Tue, 14 Apr 2015 10:01:53 -0400
Message-Id: <CAO=user-580692258ebf@xymon.invalid>

That's exactly what we did: disabled TLS 1.0 as well as SSL. HTTPST is only
TLS 1.0.
We'll disable TLS 1.1 soon as well... in the name of security :)

I am thinking maybe an OpenSSL script could work in the meanwhile, instead
of breaking things...


Gab

On Tue, Apr 14, 2015 at 9:11 AM, Mark Felder <user-db141d317836@xymon.invalid> wrote:
On Tue, Apr 14, 2015, at 07:50, Mark Felder wrote:

On Tue, Apr 14, 2015, at 06:47, Dito wrote:
I saw a post a while back in which someone suggested using "httpst://url", but
that is not working either.
I am running build .17, not sure if upgrading to .18 or .19 will work,
I'll read the notes.


Is there another way to fix this?

From hosts.cfg man page:

* "t",  e.g. httpst://www.sample.com/ : use only TLSv1


Looks like we need to patch xymonnet to let us specify TLS 1.1 and 1.2.

I may have successfully created a patch to add this behavior, but I need
to do some extensive testing. Adding specific options for TLS 1.1 and
1.2 means it could break the build in environments where the OpenSSL
version does not recognize these protocols. I'm not sure we want to
break compatibility, although my personal opinion is that we should
encourage users to upgrade in the name of security....
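
One shape the interim "OpenSSL script" mentioned in this thread could take, as an added example that is not from the thread or from the Xymon project: it probes a server with `openssl s_client` once per protocol version and maps the result to a Xymon colour. The function names and the colour policy (TLS 1.2 required, TLS 1.0 refused) are assumptions made for illustration, and the `-tls1_1`/`-tls1_2` options need an OpenSSL client of 1.0.1 or later.

```shell
#!/bin/sh
# Added example (hypothetical helper names): HTTPS protocol check built on
# `openssl s_client`, usable from a Xymon ext script while xymonnet's
# httpst:// option only speaks TLSv1.

# Exit 0 when s_client output on stdin shows a completed handshake.
# A refused handshake prints "Cipher is (NONE)" in the summary line.
handshake_ok() {
    awk 'index($0, "Cipher is (NONE)") { bad = 1 }
         /^ *Protocol *: TLSv/          { seen = 1 }
         END { exit !(seen && !bad) }'
}

# probe <host> <port> <tls1|tls1_1|tls1_2>: one handshake, output on stdout.
# Caveat: a recent OpenSSL client may itself refuse TLS 1.0/1.1, in which
# case "refused" says nothing about the server's configuration.
probe() {
    openssl s_client -connect "$1:$2" -servername "$1" "-$3" </dev/null 2>&1
}

# Assumed policy for this thread's setup: TLS 1.2 must be accepted and
# TLS 1.0 must be refused; TLS 1.1 alone is a warning.
tls_color() {  # tls_color "<space-separated accepted versions>"
    case " $1 " in
        *" tls1 "*)   echo red ;;     # TLS 1.0 is still enabled
        *" tls1_2 "*) echo green ;;
        *" tls1_1 "*) echo yellow ;;  # only TLS 1.1 negotiated
        *)            echo red ;;     # no handshake completed at all
    esac
}

# check_host <host> [port]: prints "<colour> accepted: <versions>".
check_host() {
    accepted=""
    for v in tls1 tls1_1 tls1_2; do
        if probe "$1" "${2:-443}" "$v" | handshake_ok; then
            accepted="$accepted $v"
        fi
    done
    echo "$(tls_color "$accepted") accepted:${accepted:- none}"
}

# Run only when a host is given, e.g.:  ./tlscheck.sh www.sample.com 443
if [ $# -gt 0 ]; then
    check_host "$@"
fi
```

The first word of the output is the colour and the rest is the status text, which is the order a Xymon `status` message expects after the `host.column` field.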