Page 1 of 2
NSCA libmcrypt encryption comparable in openssl
Posted: Thu Oct 10, 2013 12:46 pm
by estebanmonge
Hello. I can't built libmcrypt in AIX.
But I have the possibility of use openssl, I need the correct encryption for openssl. The options that AIX's openssl are:
We use 256 bit in Linux and Windows servers.
Cipher commands (see the `enc' command for more details)
aes-128-cbc aes-128-ecb aes-192-cbc aes-192-ecb aes-256-cbc
aes-256-ecb base64 bf bf-cbc bf-cfb
bf-ecb bf-ofb cast cast-cbc cast5-cbc
cast5-cfb cast5-ecb cast5-ofb des des-cbc
des-cfb des-ecb des-ede des-ede-cbc des-ede-cfb
des-ede-ofb des-ede3 des-ede3-cbc des-ede3-cfb des-ede3-ofb
des-ofb des3 desx rc2 rc2-40-cbc
rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb
rc4 rc4-40
Thanks
Re: NSCA libmcrypt encryption comparable in openssl
Posted: Thu Oct 10, 2013 1:17 pm
by tmcdonald
Can you please clarify the problem you are having? It sounds like you need to use openssl in place of libmcrypt, and need to know what encryption SSL uses.
Re: NSCA libmcrypt encryption comparable in openssl
Posted: Thu Oct 10, 2013 1:31 pm
by estebanmonge
Correct I need to replace libmcrypt with openssl, we use Rijndael with 256 bits
Re: NSCA libmcrypt encryption comparable in openssl
Posted: Thu Oct 10, 2013 1:42 pm
by tmcdonald
Is this a specific question about Nagios Core or NSCA? AIX is a proprietary operating system that we do not have a license for, so we are unable to do any testing in such an environment.
Re: NSCA libmcrypt encryption comparable in openssl
Posted: Thu Oct 10, 2013 3:19 pm
by estebanmonge
NSCA question
If you want test, can use any openssl implementation from Linux...
Re: NSCA libmcrypt encryption comparable in openssl
Posted: Thu Oct 10, 2013 3:49 pm
by tmcdonald
As far as I know (and I can talk to the developer tomorrow), NSCA is written with libmcrypt in mind, and in order to use openssl you would need to make some pretty significant source code changes.
Re: NSCA libmcrypt encryption comparable in openssl
Posted: Thu Oct 10, 2013 4:04 pm
by estebanmonge
I only need the encryption equivalent between libmcrypt rijndael and openssl aes. What combination right? I don't need any source modification or similar, only the equivalent command.
Re: NSCA libmcrypt encryption comparable in openssl
Posted: Thu Oct 10, 2013 4:33 pm
by slansing
There is no current way to do this, you cannot currently force NSCA to configure with openssl, only mcrypt which supports 256-bit encryption. As tmcdonald mentioned above you would have to manually edit the source for send_nsca, and the nsca server on your nagios server then recompile them. This is something we cannot really help with due to the time required.
Re: NSCA libmcrypt encryption comparable in openssl
Posted: Sun Oct 13, 2013 8:30 pm
by estebanmonge
OpenSSL supports 256 bit encryption
https://www.openssl.org/docs/apps/enc.html. I going to try with aes-256-cbc
Re: NSCA libmcrypt encryption comparable in openssl
Posted: Mon Oct 14, 2013 9:13 am
by slansing
Yes it does support it, the issue is that mcrypt does as well, and thus mcrypt was used originally for NSCA and is hard coded in the source.