NSCA libmcrypt encryption comparable in openssl

estebanmonge · Post by **estebanmonge** » Thu Oct 10, 2013 12:46 pm

Hello. I can't built libmcrypt in AIX.

But I have the possibility of use openssl, I need the correct encryption for openssl. The options that AIX's openssl are:

We use 256 bit in Linux and Windows servers.

Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc
aes-256-ecb base64 bf bf-cbc bf-cfb
bf-ecb bf-ofb cast cast-cbc cast5-cbc
cast5-cfb cast5-ecb cast5-ofb des des-cbc
des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb
des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
des-ofb des3 desx rc2 rc2-40-cbc
rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb
rc4 rc4-40

Thanks

tmcdonald · Post by **tmcdonald** » Thu Oct 10, 2013 1:17 pm

Can you please clarify the problem you are having? It sounds like you need to use openssl in place of libmcrypt, and need to know what encryption SSL uses.

estebanmonge · Post by **estebanmonge** » Thu Oct 10, 2013 1:31 pm

Correct I need to replace libmcrypt with openssl, we use Rijndael with 256 bits

tmcdonald · Post by **tmcdonald** » Thu Oct 10, 2013 1:42 pm

Is this a specific question about Nagios Core or NSCA? AIX is a proprietary operating system that we do not have a license for, so we are unable to do any testing in such an environment.

estebanmonge · Post by **estebanmonge** » Thu Oct 10, 2013 3:19 pm

NSCA question

If you want test, can use any openssl implementation from Linux...

tmcdonald · Post by **tmcdonald** » Thu Oct 10, 2013 3:49 pm

As far as I know (and I can talk to the developer tomorrow), NSCA is written with libmcrypt in mind, and in order to use openssl you would need to make some pretty significant source code changes.

estebanmonge · Post by **estebanmonge** » Thu Oct 10, 2013 4:04 pm

I only need the encryption equivalent between libmcrypt rijndael and openssl aes. What combination right? I don't need any source modification or similar, only the equivalent command.

slansing · Post by **slansing** » Thu Oct 10, 2013 4:33 pm

There is no current way to do this, you cannot currently force NSCA to configure with openssl, only mcrypt which supports 256-bit encryption. As tmcdonald mentioned above you would have to manually edit the source for send_nsca, and the nsca server on your nagios server then recompile them. This is something we cannot really help with due to the time required.

estebanmonge · Post by **estebanmonge** » Sun Oct 13, 2013 8:30 pm

OpenSSL supports 256 bit encryption https://www.openssl.org/docs/apps/enc.html. I going to try with aes-256-cbc

slansing · Post by **slansing** » Mon Oct 14, 2013 9:13 am

Yes it does support it, the issue is that mcrypt does as well, and thus mcrypt was used originally for NSCA and is hard coded in the source.

Nagios Support Forum

NSCA libmcrypt encryption comparable in openssl

NSCA libmcrypt encryption comparable in openssl

Re: NSCA libmcrypt encryption comparable in openssl

Re: NSCA libmcrypt encryption comparable in openssl

Re: NSCA libmcrypt encryption comparable in openssl

Re: NSCA libmcrypt encryption comparable in openssl

Re: NSCA libmcrypt encryption comparable in openssl

Re: NSCA libmcrypt encryption comparable in openssl

Re: NSCA libmcrypt encryption comparable in openssl

Re: NSCA libmcrypt encryption comparable in openssl

Re: NSCA libmcrypt encryption comparable in openssl