Closed mabicca closed 12 months ago
thanks for sharing it!
Hi @JumpingYang001, I was just curious to see if anything will be updated in regard to this request?
Thank you! -Marco
Hi @mabicca, thanks for the cipher list you provided! But we don't test the list on all supported Linux and Unix platforms and also OMI-based products, so it is hard to drive that list into the guide. If you are a SCOM/Azure customer, you can create a ticket/icm, and then the guide might be triggered or updated.
@LeoYuAtMicrosoft did you restart omi for the modification to take effect?
/opt/omi/bin/service_control restart
Hi Everyone,
Would it be possible to add a few more details to our guidance in regard to TLS 1.2? We have lots of users asking for guidance and it seems to not be as clear as it should be, and hopefully we could make this experience better.
For users that still have the process listening locally, there is an easy way to check for weak ciphers using this script:
If you are running it locally you can quickly use the line below (considering you saved the script as openssl-ciphers.sh and made it executable (chmod +x openssl-ciphers.sh)):
In this specific case I added a strong cipher suite option to the omiserver.conf: sslciphersuite=EECDH+AESGCM:EDH+AESGCM
The output of the script shows that omiserver only accepts TLS 1.2 and 1.3 and all the ciphers supported:
What I would suggest is to at least add this info in our default omiserver.conf so it's a little bit easier for users to see how they should configure it if needed, providing at least one good example:
Just for reference, these are all the ciphers that are enabled when we are not configuring any specific cipher orders in omiserver.conf:
A few good references
CipherList TLS 1.2 and 1.3 demystified
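As an added example (not part of the original post or of the OMI project), the sketch below reads the `sslciphersuite` value out of omiserver.conf text, expands it with the local OpenSSL build through Python's `ssl` module, and reports any TLS 1.2 suite that lacks forward secrecy or AEAD. The sample file content and the `key=value` / `#` comment layout are assumptions; the result depends on the OpenSSL version on the machine where it runs.

```python
import ssl

# Constructed sample of an omiserver.conf fragment. Only the sslciphersuite
# key and its value come from the thread; the layout is an assumption.
SAMPLE_CONF = """\
# constructed sample, not a full omiserver.conf
sslciphersuite=EECDH+AESGCM:EDH+AESGCM
"""


def read_cipher_string(conf_text):
    """Return the value of the last uncommented sslciphersuite line, or None."""
    value = None
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, val = line.partition("=")
        if sep and key.strip() == "sslciphersuite":
            value = val.strip()
    return value


def expand(cipher_string):
    """Expand an OpenSSL cipher string into the suites this build enables."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()


def audit(cipher_string):
    """Return (suite name, reason) pairs for suites lacking PFS or AEAD."""
    findings = []
    for suite in expand(cipher_string):
        name = suite["name"]
        if suite["protocol"] == "TLSv1.3":
            # TLS 1.3 suites are listed regardless of the cipher string and
            # are always ephemeral key exchange plus AEAD.
            continue
        if not name.startswith(("ECDHE-", "DHE-")):
            findings.append((name, "no forward secrecy"))
        if not suite.get("aead"):
            findings.append((name, "not an AEAD cipher"))
    return findings


if __name__ == "__main__":
    configured = read_cipher_string(SAMPLE_CONF)
    print(configured, "->", audit(configured) or "no weak suites")
```

This only shows what the cipher string expands to locally; the server still has to be restarted and probed to confirm what it actually negotiates.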