Open glepinay opened 3 years ago
allowed ciphers=DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DH-RSA-AES128-GCM-SHA256:DH-RSA-AES128-SHA256:AES128-GCM-SHA256:AES128-SHA256 ssl options=no-sslv2,no-sslv3,no-tlsv1 use ssl=1 insecure=0 dh=${certificate-path}/nrpe_dh_4096.pem
Issue and Steps to Reproduce
Our Security sans report security wekness on Nsclient. in nsclient.ini : THE DIRECTIVE below works well ssl options = no-sslv2,no-sslv3
But not: ssl options = no-sslv2,no-sslv3,no-tlsv1,no_tlsv1.1
We need to disable TSLV1 : How can we do that : I tried several syntax in nsclient.ini ... but no success Also : the 3DES cipher is detected : I cannot disable it with the standard directive : allowed ciphers=ALL:!ADH:!LOW:!EXP:!RC4:!3DES:!MD5:!SHA1:!MEDIUM:@STRENGTH
Expected Behavior
Disable TLSV1.X
Actual Behavior
TLSV1 is still seen as reachable by the sCAN
Details