search

mickem / nscp

NSClient++
http://nsclient.org
GNU General Public License v2.0
235 stars 91 forks source link

Disable SSL 2.0 and 3.0 and Use TLS 1.2 #723

Open gaju0083 opened 3 years ago

gaju0083 commented 3 years ago

Issue and Steps to Reproduce

We are getting security alert from our security team mentioning to disable SSL2.0 and 3.0 and start using TLS1.2 for NSClient. What is the process to do the same?

PLEASE PROVIDE COMMAND HERE

Expected Behavior

Tell us what you think should happen.

Actual Behavior

Tell us what happens instead.

Details

Additional Details

NSClient++ log:

PLEASE PASTE LOG HERE
h3xx commented 2 years ago

I'm currently trying to figure out how to configure PASSIVE checks to go out over TLS 1.2, and running into a wall.

However, if you're asking about ACTIVE checks, NSClient++ should accept TLS 1.2 by default.

According to the documentation, you can explicitly disable TLS v1.0 by adding the following to your nsclient.ini file (i.e. under the appropriate heading):

[/settings/NRPE/server]
ssl options = no-sslv2,no-sslv3,no-tlsv1
jhgroen commented 10 months ago

Any updates on this? Is there any way to use NSClient++ with TLS 1.2 for passive checks? Without this update this tool is dead for us as we are required to use TLS 1.2 now. @mickem