Re: Disable TLSv1.0

monit-general

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Disable TLSv1.0

From:	Phil Townes
Subject:	Re: Disable TLSv1.0
Date:	Sat, 20 Aug 2016 22:46:20 +0100

Would proxying :2812 via Apache or nginx work for you? You'd then have total control over TLS versions and cipher suites.

On some servers I've got :2812 set to only be accessible to localhost, and then set up a SSH tunnel to 2812 when I need to access monit. I figure if the port isn't listening on an accessible network interface you can't be in breach of compliance requirements.

Hope that helps.
Phil

On 20 Aug 2016 20:21, "Jeremey Hustman" <address@hidden> wrote:

Is there a way to disable tlsv1.0? In my montirc I have

set ssl {
verify: enable,
version: tlsv11,
version: tlsv12
}

But still TLSv1.0 is enabled, and adding -tlsv10 (like in apache) doesn't work.

To be able to pass PCI Compliance on this particular server I need to disable this on this specific port (2812)

Thank you,
--
Jeremey

--
To unsubscribe:
https://lists.nongnu.org/mailman/listinfo/monit-general

[Prev in Thread]

Current Thread

[Next in Thread]

Disable TLSv1.0, Jeremey Hustman, 2016/08/20
- Re: Disable TLSv1.0, Phil Townes <=
  - Re: Disable TLSv1.0, Jeremey Hustman, 2016/08/20

Prev by Date: Disable TLSv1.0
Next by Date: Re: Disable TLSv1.0
Previous by thread: Disable TLSv1.0
Next by thread: Re: Disable TLSv1.0
Index(es):
- Date
- Thread