In our test Nagios XI environment we have implemented several security changes with Apache, including switching to only allow TLS1.1 & 1.2.
After the change we have noticed several issues. The "Monitoring Engine Process" & "Monitoring Engine Event Queue" dashlets are displaying only errors ("No Data" & "Error: No output from backend!"). Also, when running an apply configuration, the wait screen will just sit there spitting out ....s - I checked the /usr/local/nagiosxi/var/cmdsubsys.log and it is completing but is not getting any data from the backend to say it's completed.
Once I re-enable TLSv1.0 these problems disappear and everything is back to normal. Our security team is forcing the change and we will have to disable TLSv1.0, and I need some help to correct these issues.
I am running Nagios XI v 5.2.3 on Red Hat Enterprise Linux Server release 6.7 (Santiago)
Nagios XI Issue With Disabled TLS1.0
-
dwasswa
Re: Nagios XI Issue With Disabled TLS1.0
Hi @daniel.ledford,
You will have to remove TLSv1.0 and configure TLS1.1 & 1.2.
Please let me know if you have any questions.
-
daniel.ledford
- Posts: 19
- Joined: Wed Jan 20, 2016 9:03 am
Re: Nagios XI Issue With Disabled TLS1.0
We have already done that prior to the original post. We are only allowing TLSv1.1 & 1.2 on the server.
From the Apache config:
Code: Select all
SSLProtocol -all +TLSv1.1 +TLSv1.2
Is there a config on the Nagios end to specify to only use TLSv1.1 or 1.2? We have successfully set up HTTPS through this guide:
https://assets.nagios.com/downloads/nag ... s%20XI.pdf
-
dwasswa
Re: Nagios XI Issue With Disabled TLS1.0
Hi @daniel.ledford,
Could you please check if port 443 is open on your firewall?
Do that by running the command below as root to show open ports on your firewall:
Code: Select all
firewall-cmd --list-all
Expected output:
Code: Select all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: dhcpv6-client ssh
ports: 5666/tcp 161/tcp 80/tcp 5667/tcp 12489/tcp
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
-
dwasswa
Re: Nagios XI Issue With Disabled TLS1.0
After making the changes below,
Did you restart the httpd and nagios service to apply those changes?
daniel.ledford wrote:
We have already done that prior to the original post. We are only allowing TLSv1.1 & 1.2 on the server.
From the Apache config:
Code: Select all
SSLProtocol -all +TLSv1.1 +TLSv1.2
Is there a config on the Nagios end to specify to only use TLSv1.1 or 1.2? We have successfully set up HTTPS through this guide:
https://assets.nagios.com/downloads/nag ... s%20XI.pdf