On 9. 2. 2023, at 22:11, martinp@tildeslash.com wrote:
On 9. 2. 2023, at 20:22, sashk via This is the general mailing list for monit <monit-general@nongnu.org> wrote:
Hi,
Google the error and solution. Either update SSL on the cable modem “server” if you can or modify Monit (the client) yourself.
Upgrading ssl is not possible on cable modem, therefore as I stated in my original email:
It seems re-configuring OpenSSL is possible to do systemwide, but I would like to avoid doing so.
I was hoping there is a way, similar to ssl options {version: TLSV1,... } to enable this setting just for this particular check in monit, not systemwide, as this opens the system to CVE-2009-3555.
Thanks.
Yes, that is possible, see snip from Monit 5.27.0:
--8<--
Version 5.27.0
Important: (Backward compatibility impact) The SSL "version: auto" now defaults to TLSv1.2 and TLSv1.3 only. If you need to enable TLSv1.0 or TLSv1.1 (regardless of how insecure it is), you have to explicitly enable it via the SSL option, example:
    set ssl { version: tlsv11 }
--8<--
I'm sorry, I pointed only to the global option ... it is possible to override the SSL options for a particular port test too, see the example from the manual.
The "version" ssl option in the port statement context works the same as on the global "set ssl" context:
check host example with address example.com
    if failed
        port 443
        protocol https
        with ssl options {selfsigned: allow}
    then alert