|
From: | Jeremey Hustman |
Subject: | Re: Disable TLSv1.0 |
Date: | Sat, 20 Aug 2016 15:57:54 -0800 |
Would proxying :2812 via Apache or nginx work for you? You'd then have total control over TLS versions and cipher suites.
On some servers I've got :2812 set to only be accessible to localhost, and then set up a SSH tunnel to 2812 when I need to access monit. I figure if the port isn't listening on an accessible network interface you can't be in breach of compliance requirements.
Hope that helps.
PhilOn 20 Aug 2016 20:21, "Jeremey Hustman" <address@hidden> wrote:--Is there a way to disable tlsv1.0? In my montirc I haveset ssl {verify: enable,version: tlsv11,version: tlsv12}But still TLSv1.0 is enabled, and adding -tlsv10 (like in apache) doesn't work.To be able to pass PCI Compliance on this particular server I need to disable this on this specific port (2812)Thank you,--Jeremey
To unsubscribe:
https://lists.nongnu.org/mailman/listinfo/monit-general
--
To unsubscribe:
https://lists.nongnu.org/mailman/listinfo/monit-general
[Prev in Thread] | Current Thread | [Next in Thread] |