[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Disable TLSv1.0

From: Jeremey Hustman
Subject: Re: Disable TLSv1.0
Date: Sat, 20 Aug 2016 15:57:54 -0800

Thank you, I managed to get Apache ProxyPass working and pointed "/monit" to localhost:2812 and this works great. 

On Sat, Aug 20, 2016 at 1:46 PM, Phil Townes <address@hidden> wrote:

Would proxying :2812 via Apache or nginx work for you? You'd then have total control over TLS versions and cipher suites.

On some servers I've got :2812 set to only be accessible to localhost, and then set up a SSH tunnel to 2812 when I need to access monit.  I figure if the port isn't listening on an accessible network interface you can't be in breach of compliance requirements.

Hope that helps.

On 20 Aug 2016 20:21, "Jeremey Hustman" <address@hidden> wrote:
Is there a way to disable tlsv1.0?  In my montirc I have 

set ssl {
    verify: enable,
    version: tlsv11,
    version: tlsv12

But still TLSv1.0 is enabled, and adding -tlsv10 (like in apache) doesn't work.

To be able to pass PCI Compliance on this particular server I need to disable this on this specific port (2812)

Thank you,

To unsubscribe:

To unsubscribe:


reply via email to

[Prev in Thread] Current Thread [Next in Thread]