Page 1 of 1
Disable SSLv3 on Nagios XI
Posted: Mon Jul 23, 2018 12:48 pm
by sandeepatil
How disable SSLv3 on Nagios XI and enable TLSv1.1/TLSv1.2
Re: Disable SSLv3 on Nagios XI
Posted: Mon Jul 23, 2018 4:41 pm
by cdienger
You can control which protocols are allowed to connect to XI's interface by editing /etc/httpd/conf.d/ssl.conf. Disable SSLv2 and v3 for example with the line:
SSLProtocol all -SSLv2 -SSLv3
Re: Disable SSLv3 on Nagios XI
Posted: Tue Jul 24, 2018 12:44 am
by sandeepatil
Suggested configuration tested, but not working.
Please find below output :
# openssl ciphers -v | awk '{print $2}' | sort | uniq
SSLv3
TLSv1.2
Re: Disable SSLv3 on Nagios XI
Posted: Tue Jul 24, 2018 8:21 am
by mcapra
All that tells you is that openssl has some SSLv3 based ciphers available to it. It's not indicative of what protocols/services are accepting which ciphers.
I guess I'm a bit confused as to what exactly you're looking to accomplish? You could recompile openssl without SSLv2 or SSLv3 support, but frankly that's not something anyone on this forum should be assisting you with as it's well outside the scope of Nagios related things.
Re: Disable SSLv3 on Nagios XI
Posted: Tue Jul 24, 2018 4:05 pm
by cdienger
Thanks for the input,
@mcapra!
Re: Disable SSLv3 on Nagios XI
Posted: Wed Aug 01, 2018 9:30 am
by sandeepatil
We found disable option in ssl.conf.
Please close this thread.