NSCA Failing with AES 128 Encryption
Posted: Tue Oct 24, 2017 4:47 pm
We are using NSCA to send encrypted passive check updates from one Nagios server ("Nagios1") to another ("Nagios2").
The issue is that using AES256 encryption works fine, but AES128 cannot get any messages to the receiving server.
Versions:
NSCA 2.9.2
JSendNSCA 2.1.1
BouncyCastle 1.54
JSendNSCA (sending side, "Nagios1") is generating this exception when using AES128 encryption:
Exception trying to send passive check to Nagios: Read timed out
java.net.SocketTimeoutException: Read timed out
In /var/log/messages on the server ("Nagios2") side we see:
Received invalid packet type/version from client - possibly due to client using wrong password or crypto algorithm?
We have configured /usr/local/nagios/etc/nsca.cfg on the receiving host "Nagios2", and restarted the nsca service (>service nsca restart):
decryption_method=14 (when testing AES128)
decryption_method=16 (when testing AES256)
Is there anything related to the NSCA Server on the receiving end ("Nagios2") that we need to recompile or modify to change decryption method, other than nsca.cfg?
Any help would be greatly appreciated!