Hmm. This would seem like something we should probably look into changing.
A list of ciphers the remote host is permiting would be much more valuable
from a monitoring perspective (when enabled).
-jc
On Tue, August 4, 2015 1:42 pm, Ralph Mitchell wrote:
It's not giving you a list of the ciphers the remote host permits. All it
does is cycle through the list of ciphers available on the Xymon server. I
think there's a flag (for xymonnet, maybe?) that turns off that list. A
long time back I patched my copy of xymonnet to only return the cipher
actually used to talk to the remore server.
There's a program called sslscan that actually tests the entire list of
ciphers against the remote host and tells you what works and what fails.
That could be incorporated into an external test, maybe.
Ralph Mitchell
On Aug 4, 2015 12:41 PM, "Ribeiro, Glauber" <user-59d088777028@xymon.invalid>
wrote:
Why does the list of ciphers in the "sslcert" xymon test show ciphers
that
are disabled on the server? For example, we have disabled RC4 ciphers on
our servers, and confirmed using the "Qualys SSL Labs" server test, that
they are turned off. However, xymon still shows them.
g