Xymon Mailing List Archive

HTTPS tests fails when TLS 1.1 and 1.2 only is enabled

Mark Felder
Tue, 14 Apr 2015 10:00:06 -0500
Message-Id: <user-a318b15312da@xymon.invalid>


On Tue, Apr 14, 2015, at 09:01, Dito wrote:
> That's exactly what we did: disabled TLS1.0 as well, and SSL. HTTPST is
> only TLS1.0.
> We'll disable TLS1.1 soon as well... in the name of security :)
>
> I am thinking maybe an OpenSSL script could work in the meanwhile,
> instead of breaking things...

I enabled SSL cipher logging in my nginx webserver. It does appear to
use the best cipher available by default (TLS 1.2). I now strongly
suspect the OpenSSL on your Xymon server doesn't speak TLS 1.1 or 1.2.
Can you provide the OpenSSL version?

example:

% openssl version
OpenSSL 1.0.1l-freebsd 15 Jan 2015
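
Added example (not part of the original message): a small shell function that classifies an `openssl version` banner by whether the library is new enough to negotiate TLS 1.1/1.2, which first shipped in OpenSSL 1.0.1. The function name `tls12_capable` and every sample banner except the one quoted in the message are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify an `openssl version` banner by TLS 1.1/1.2 capability.
# TLS 1.1 and 1.2 support first shipped in OpenSSL 1.0.1.

# tls12_capable BANNER   (hypothetical helper name)
#   returns 0: library is 1.0.1 or newer (can offer TLS 1.1/1.2)
#   returns 1: older than 1.0.1 (TLS 1.0 at best)
#   returns 2: banner not recognized (e.g. a fork with its own numbering)
tls12_capable() {
    case $1 in
        "OpenSSL "[0-9]*.[0-9]*.[0-9]*) ;;
        *) return 2 ;;
    esac
    ver=${1#OpenSSL }      # drop the product name
    ver=${ver%% *}         # keep the version token, drop the build date
    ver=${ver%%-*}         # drop a vendor suffix such as "-freebsd"
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    fix=${rest#*.}
    # Patch letters ("1l", "8zf") do not matter for this threshold.
    major=${major%%[!0-9]*}
    minor=${minor%%[!0-9]*}
    fix=${fix%%[!0-9]*}
    if [ -z "$major" ] || [ -z "$minor" ] || [ -z "$fix" ]; then
        return 2
    fi
    if [ "$major" -gt 1 ]; then return 0; fi
    if [ "$major" -eq 1 ] && { [ "$minor" -gt 0 ] || [ "$fix" -ge 1 ]; }; then
        return 0
    fi
    return 1
}

# Sample banners: the first is quoted in the message, the rest are constructed.
for banner in "OpenSSL 1.0.1l-freebsd 15 Jan 2015" \
              "OpenSSL 0.9.8zf 19 Mar 2015" \
              "OpenSSL 1.0.0r 19 Mar 2015" \
              "LibreSSL 2.1.6"; do
    rc=0
    tls12_capable "$banner" || rc=$?
    printf '%s -> %s\n' "$banner" "$rc"
done
```

To check a monitoring host, pass it `"$(openssl version)"`. The library a monitoring daemon is linked against can differ from the `openssl` binary on the PATH, and a build can have individual protocol versions disabled, so a result of 0 is necessary but not sufficient.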