
Deployment of configuration files over TLSv1.2-only webserver not working

Open daooze opened this issue 3 years ago • 3 comments

Issue and Steps to Reproduce

We are running a simple webserver to have a central repository for different configuration files, scripts and tools used by nscp. Distribution over http works like a charm but we are now required to secure the connections. This involves switching from http to https and also the hardening of the TLS protocol. nscp seems to only support TLSv1.0 (maybe SSL2/3, not checked) and a bunch of deprecated ciphers. Our webservers are only allowed to support TLSv1.2 and above with ECDH-based ciphers.

Please update NSCP to use this modern protocol and ciphers for downloading its configuration files from a webserver.

Expected Behavior

NSCP should be able to download configuration files and attachments from a webserver that supports TLSv1.2 and above.

Actual Behavior

SSL handshake fails.

Details

  • NSClient++ version: 0.5.2.35
  • OS and Version: Windows Server 2012, Windows Server 2016, Windows Server 2019, Windows 10 v1909
  • Checking from: Icinga
  • Checking with: check_nrpe

Additional Details

none

Edit: Typo

daooze avatar Jun 09 '21 12:06 daooze

Sounds reasonable.

mickem avatar Jun 10 '21 03:06 mickem

Just saw today in your latest nightly build that you have switched to OpenSSL 1.1.1q. Will you fix this current issue in the near future? Maybe make the whole "config-files-from-webserver" configurable with the ciphers and protocol versions one needs?

daooze avatar Nov 09 '23 14:11 daooze

I have currently upgraded all raw libs and there are a lot of new features in this area so I would expect updates here as well. But there are a lot of other things as well so I would not expect anything in the next few weeks, but hopefully before the end of the year...

mickem avatar Nov 13 '23 17:11 mickem