Hi,
while updating from Monit 5.3.1 to the current Monit 5.6 I am trying to change the CIPHER_LIST in src/ssl.c to something more secure. In order to test this with something simple, I replaced the default "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH" with "RC4-SHA:AES256-SHA:AES128-SHA". With a "strings /usr/bin/monit | less" I can see that the changed CIPHER_LIST actually ends up in the binary.
If I check the local IP on port 2812 with sslscan or a similar tool, I always get the same results, no matter if I test the old Monit 5.3.1 with the default CIPHER_LIST, Monit 5.6 with the default CIPHER_LIST or 5.6 with the modified CIPHER_LIST:
Accepted SSLv3 256 bits AES256-SHA
Accepted SSLv3 256 bits CAMELLIA256-SHA
Accepted SSLv3 168 bits DES-CBC3-SHA
Accepted SSLv3 128 bits AES128-SHA
Accepted SSLv3 128 bits SEED-SHA
Accepted SSLv3 128 bits CAMELLIA128-SHA
Accepted SSLv3 128 bits RC4-SHA
Accepted SSLv3 128 bits RC4-MD5
Accepted SSLv3 56 bits DES-CBC-SHA
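
Added example, not part of the original post and not Monit code: a small check that compares the scanner's "Accepted" lines with the cipher list the build was meant to enforce, so a mismatch like the one described above shows up as a concrete list. The function names are hypothetical, and it assumes the result-line layout quoted in the post and a list of explicit cipher names (OpenSSL keywords and operators are not expanded).

```python
import re

# Result line layout as in the post: status, protocol, key size, "bits", cipher name.
LINE_RE = re.compile(r"^\s*(Accepted|Rejected|Failed)\s+(\S+)\s+(\d+)\s+bits\s+(\S+)\s*$")

# Scanner output copied from the post above.
SAMPLE = """\
Accepted SSLv3 256 bits AES256-SHA
Accepted SSLv3 256 bits CAMELLIA256-SHA
Accepted SSLv3 168 bits DES-CBC3-SHA
Accepted SSLv3 128 bits AES128-SHA
Accepted SSLv3 128 bits SEED-SHA
Accepted SSLv3 128 bits CAMELLIA128-SHA
Accepted SSLv3 128 bits RC4-SHA
Accepted SSLv3 128 bits RC4-MD5
Accepted SSLv3 56 bits DES-CBC-SHA
"""

def parse_accepted(text):
    """Return [(protocol, cipher, bits)] for each 'Accepted' line, in order."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(1) == "Accepted":
            rows.append((m.group(2), m.group(4), int(m.group(3))))
    return rows

def compare(intended, scan_text):
    """Diff accepted ciphers against a colon-separated list of cipher names."""
    wanted = [c for c in intended.split(":") if c]
    bad = [c for c in wanted if c[0] in "!+-@"]
    if bad:
        # Operators and keywords need OpenSSL itself to expand; not done here.
        raise ValueError("explicit cipher names only, got: %s" % ", ".join(bad))
    rows = parse_accepted(scan_text)
    seen = {cipher for _, cipher, _ in rows}
    return {
        "unexpected": [r for r in rows if r[1] not in wanted],
        "missing": [c for c in wanted if c not in seen],
    }

if __name__ == "__main__":
    result = compare("RC4-SHA:AES256-SHA:AES128-SHA", SAMPLE)
    for proto, cipher, bits in result["unexpected"]:
        print("unexpected: %s %s (%d bits)" % (proto, cipher, bits))
    for cipher in result["missing"]:
        print("missing: %s" % cipher)
```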