Re: Nagios XI 5.8.2 TLS 1.2/1.3 Support

Posted: Wed Mar 31, 2021 11:44 am
by aastaguy
It looks like this way pulls my cert, and AD info, then presents the info below along with a session id and a master key.

---
No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2201 bytes and written 450 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256
Session-ID-ctx:

Re: Nagios XI 5.8.2 TLS 1.2/1.3 Support

Posted: Thu Apr 01, 2021 10:22 am
by dchurch
Okay, then what's the output from this?:

Code:

php --version
php -r 'print_r([openssl_get_cipher_methods(),openssl_get_curve_names(),openssl_get_md_methods()]);'
openssl s_client -starttls smtp -tls1_2 -connect POSTFIXSERVER:25 </dev/null

I looked into TLS 1.2 support in PHP and the PHPMailer library, and it seems that the TLS version tried is up to the PHP and OpenSSL version. They added a workaround to support TLS 1.0 and TLS 1.1 in newer versions of PHP because PHP would refuse to even try them. I suppose next we could try disabling that workaround.

Re: Nagios XI 5.8.2 TLS 1.2/1.3 Support

Posted: Thu Apr 01, 2021 12:11 pm
by aastaguy
PHP 5.4.16 (cli) (built: Apr 1 2020 04:07:17)
Copyright (c) 1997-2013 The PHP Group
Zend Engine v2.4.0, Copyright (c) 1998-2013 Zend Technologies

PHP Fatal error: Call to undefined function openssl_get_curve_names() in Command line code on line 1

plus the same cert and keys from before:

No client certificate CA names sent
Peer signing digest: SHA256
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 2200 bytes and written 450 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES128-GCM-SHA256

Re: Nagios XI 5.8.2 TLS 1.2/1.3 Support

Posted: Thu Apr 01, 2021 2:50 pm
by dchurch
There's your problem. You need to be on PHP 5.6.8 or higher for TLS 1.2.
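
The comparison the thread arrives at, as an added example that is not part of the original posts: `openssl s_client` negotiating TLSv1.2 only shows that the mail server and the system OpenSSL can do it, so the PHP version has to be checked separately against the 5.6.8 minimum stated above. The function names are hypothetical and the sample input is excerpted from the output posted in the thread.

```shell
# Added example (not from the thread). MIN_PHP is the minimum stated in the
# post above; all function names here are hypothetical.
MIN_PHP="5.6.8"

# Print X.Y.Z from the first line of `php --version` output.
php_version() {
    printf '%s\n' "$1" | sed -n '1s/^PHP \([0-9]*\.[0-9]*\.[0-9]*\).*/\1/p'
}

# Print the value of the "Protocol : ..." line of `openssl s_client` output.
negotiated_protocol() {
    printf '%s\n' "$1" |
        sed -n 's/^[[:space:]]*Protocol[[:space:]]*:[[:space:]]*\([^[:space:]]*\).*/\1/p' |
        head -n 1
}

# Succeed if dotted version $1 >= $2, comparing each component numerically.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# $1 = `php --version` output, $2 = output of the s_client -tls1_2 test.
diagnose() {
    ver=$(php_version "$1"); proto=$(negotiated_protocol "$2")
    if [ -z "$ver" ] || [ -z "$proto" ]; then
        echo "unknown: could not parse input"
    elif [ "$proto" != "TLSv1.2" ]; then
        echo "server-side: s_client negotiated $proto, not TLSv1.2"
    elif ! version_ge "$ver" "$MIN_PHP"; then
        echo "php-too-old: PHP $ver is below $MIN_PHP; server side negotiates $proto"
    else
        echo "ok: PHP $ver and $proto"
    fi
}

# Sample input: excerpts of the output posted in the thread.
SAMPLE_PHP='PHP 5.4.16 (cli) (built: Apr 1 2020 04:07:17)'
SAMPLE_SCLIENT='New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
SSL-Session:
Protocol : TLSv1.2'
diagnose "$SAMPLE_PHP" "$SAMPLE_SCLIENT"
```

On a live host, pass `"$(php --version)"` and the captured output of the `openssl s_client` command from the earlier post instead of the sample strings.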

Re: Nagios XI 5.8.2 TLS 1.2/1.3 Support

Posted: Thu Apr 01, 2021 3:53 pm
by aastaguy
Awesome, thank you! I will get this updated and see what happens, but that makes sense.

Thanks again!

Re: Nagios XI 5.8.2 TLS 1.2/1.3 Support

Posted: Thu Apr 01, 2021 4:15 pm
by dchurch
Glad to hear you resolved it! Locking thread.

If you have any additional issues, feel free to make a new thread.