mickem / nscp

NSClient++
http://nsclient.org
GNU General Public License v2.0

How to Disable TLSV1 and 3DES cipher on Nsclient 0.5.2.39 ? #739

Open glepinay opened 3 years ago

glepinay commented 3 years ago

Issue and Steps to Reproduce

Our security scans report a security weakness on Nsclient. In nsclient.ini, the directive below works well:
ssl options = no-sslv2,no-sslv3

But not: ssl options = no-sslv2,no-sslv3,no-tlsv1,no_tlsv1.1

We need to disable TLSv1. How can we do that? I tried several syntaxes in nsclient.ini ... but no success. Also, the 3DES cipher is detected: I cannot disable it with the standard directive:
allowed ciphers=ALL:!ADH:!LOW:!EXP:!RC4:!3DES:!MD5:!SHA1:!MEDIUM:@STRENGTH

Expected Behavior

Disable TLSV1.X

Actual Behavior

TLSv1 is still seen as reachable by the scan

Details

h3ge commented 1 year ago

allowed ciphers=DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DH-RSA-AES128-GCM-SHA256:DH-RSA-AES128-SHA256:AES128-GCM-SHA256:AES128-SHA256
ssl options=no-sslv2,no-sslv3,no-tlsv1
use ssl=1
insecure=0
dh=${certificate-path}/nrpe_dh_4096.pem
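
An added example, not part of the thread or of NSClient++ itself: a local check that expands the two `allowed ciphers` strings quoted above with the OpenSSL linked into Python and reports any 3DES suites, plus any suite OpenSSL marks as usable below TLS 1.2. It assumes the local OpenSSL behaves like the one bundled with the NSClient++ build, which may not hold for older releases; the function names `expand` and `audit` are illustrative.

```python
import ssl

# Cipher strings copied from the posts in this thread.
ISSUE_CIPHERS = "ALL:!ADH:!LOW:!EXP:!RC4:!3DES:!MD5:!SHA1:!MEDIUM:@STRENGTH"
REPLY_CIPHERS = ("DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:"
                 "DH-RSA-AES128-GCM-SHA256:DH-RSA-AES128-SHA256:"
                 "AES128-GCM-SHA256:AES128-SHA256")


def expand(cipher_string):
    """Expand an OpenSSL cipher string into (name, min_protocol, description)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.set_ciphers(cipher_string)
    except ssl.SSLError:
        # OpenSSL could not select any suite from this string.
        return []
    return [(c["name"], c["protocol"], c["description"])
            for c in ctx.get_ciphers()]


def audit(cipher_string):
    """Summarise what a cipher string still allows on this OpenSSL build."""
    suites = expand(cipher_string)
    return {
        "total": len(suites),
        # OpenSSL names 3DES suites "...DES-CBC3..." and describes them
        # with "Enc=3DES(168)".
        "triple_des": [n for n, _, d in suites
                       if "DES-CBC3" in n or "3DES" in d],
        # Suites whose minimum protocol is older than TLS 1.2, i.e. the
        # ones a TLS 1.0 or 1.1 handshake could still negotiate.
        "pre_tls12": [n for n, p, _ in suites
                      if p not in ("TLSv1.2", "TLSv1.3")],
    }


if __name__ == "__main__":
    print("OpenSSL in use:", ssl.OPENSSL_VERSION)
    for label, value in (("issue", ISSUE_CIPHERS), ("reply", REPLY_CIPHERS)):
        result = audit(value)
        print(label, "total suites:", result["total"])
        print("  3DES suites:", result["triple_des"] or "none")
        print("  usable below TLS 1.2:", result["pre_tls12"] or "none")
```

The cipher list and the protocol options are separate settings, so a clean result here says nothing about whether `ssl options` took effect; that still has to be confirmed against the listening port.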