On Tue, Apr 14, 2015, at 09:11, Mark Felder wrote:
On Tue, Apr 14, 2015 at 07:50:32AM -0500, Mark Felder wrote:
On Tue, Apr 14, 2015, at 06:47, Dito wrote:
I saw a post back that someone suggested to use "httpst://url" but that
is
not working either.
I am running build .17 , not sure if upgrading to .18 or .19 will work,
I'll read the notes.
Is there another way to fix?
From hosts.cfg man page:
* "t", e.g. httpst://www.sample.com/ : use only TLSv1
Looks like we need to patch xymonnet to let us specify TLS 1.1 and 1.2
Please see the attached patch. I can successfully build on FreeBSD 8.4
and 9.3 which use OpenSSL versions that don't support TLS 1.1 and 1.2,
so I'm certain I have not broken that functionality.
Considering how simple this patch is, I expect it to work reliably.
Using this patch you should be able to specify httpst1_1:// and
httpst1_2:// to get TLS 1.1 and 1.2
It seems that to allow mixing of schemeopts they are intended to be
single characters. My new schemeopts of "t1_1" and "t1_2" are not
working correctly. If I simply change them to "x" and "y" they work
successfully.
I'm not sure what to do here; TLS 1.3 is on the horizon and we certainly
will have more protocols in the future. I could also enable DTLS as easy
as TLS 1.1 and TLS 1.2, but that's not in large demand...
I will wait for JC to chime in. With that simple modification my patch
will work if someone really needs to force a TLS version.