Page 1 of 1
NSCLIENT+++ 0.3.9.328
Posted: Tue Feb 13, 2018 1:01 pm
by patalenszki.zoltan
Dear Support,
Is it possibble somehow to disable following ciphers on port 5666 opened by Nagios Agent on windows?
ADH-DES-CBC3-SHA Kx=DH Au=None Enc=3DES-CBC(168) Mac=SHA1
EXP-ADH-DES-CBC-SHA Kx=DH(512) Au=None Enc=DES-CBC(40) Mac=SHA1 export
EXP-ADH-RC4-MD5 Kx=DH(512) Au=None Enc=RC4(40) Mac=MD5 export
ADH-DES-CBC-SHA Kx=DH Au=None Enc=DES-CBC(56) Mac=SHA1
Thanks in advance,
Zoltan
Re: NSCLIENT+++ 0.3.9.328
Posted: Tue Feb 13, 2018 2:01 pm
by lmiltchev
NSClient++ is not developed or maintained by Nagios. I would recommend posting your question on the NSClient++ support site. Having said that, it is possible that you would need to upgrade your agent to a newer version - 0.3.9 is quite old. I believe in the latest versions of NSClient++ you could specify the "allowed ciphers" in the nsclient.ini:
Code: Select all
[/settings/NSClient/server]
# ALLOWED CIPHERS
allowed ciphers=ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
I am not sure if you could do this in ver. 0.3.9 but I pretty much doubt it.
Re: NSCLIENT+++ 0.3.9.328
Posted: Wed Feb 14, 2018 11:34 am
by patalenszki.zoltan
It is the recommended version on your site:
https://exchange.nagios.org/directory/A ... ++/details
I will ask my mangament not to extend our support contract. Most common answer is that "not supported by you". It is the waste of money.
Thanks,
Zoltan
Re: NSCLIENT+++ 0.3.9.328
Posted: Wed Feb 14, 2018 11:51 am
by tmcdonald
patalenszki.zoltan wrote:Most common answer is that "not supported by you"
Actually this is only the first time we have had to give this answer in any of the topics you have opened on this forum. The rest seem to have been resolved successfully. However, please note that we did provide more information than just "not supported". You are asking questions about third-party software, and we have provided advice to upgrade to a newer version (which is also included on the page you linked to). We also gave the configuration options you would need to set in order to achieve your desired state.
You might have missed that part of
@lmiltchev's reply, so I will quote it below for reference:
lmiltchev wrote:NSClient++ is not developed or maintained by Nagios. I would recommend posting your question on the NSClient++ support site. Having said that, it is possible that you would need to upgrade your agent to a newer version - 0.3.9 is quite old. I believe in the latest versions of NSClient++ you could specify the "allowed ciphers" in the nsclient.ini:
Code: Select all
[/settings/NSClient/server]
# ALLOWED CIPHERS
allowed ciphers=ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
I am not sure if you could do this in ver. 0.3.9 but I pretty much doubt it.
Please let us know if you have additional questions.
Re: NSCLIENT+++ 0.3.9.328
Posted: Wed Feb 14, 2018 5:16 pm
by patalenszki.zoltan
Thank you for your support!
I will try to upgrade nsclient, in current version allowed_ciphers is not supported.
Best Regards,
Zoltán
Re: NSCLIENT+++ 0.3.9.328
Posted: Thu Feb 15, 2018 12:49 pm
by lmiltchev
Do you want us to keep the thread open just in case or it is ok to lock it? Thank you!