Zabbix Documentation 4.0

3.04.04.45.0 (current)| In development:5.2 (devel)| Unsupported:1.82.02.22.43.23.44.2Guidelines

User Tools

Site Tools


manual:appendix:config:zabbix_proxy

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
manual:appendix:config:zabbix_proxy [2020/02/10 08:21]
martins-v better page structure
manual:appendix:config:zabbix_proxy [2020/03/27 14:30] (current)
martins-v adding TLSCipher* parameters
Line 74: Line 74:
 | TLSCAFile| no |  | |Full pathname of a file containing the top-level CA(s) certificates for peer certificate verification,​ used for encrypted communications between Zabbix components.\\ This parameter is supported since Zabbix 3.0.0. ​ | | TLSCAFile| no |  | |Full pathname of a file containing the top-level CA(s) certificates for peer certificate verification,​ used for encrypted communications between Zabbix components.\\ This parameter is supported since Zabbix 3.0.0. ​ |
 | TLSCertFile| no |  | |Full pathname of a file containing the proxy certificate or certificate chain, used for encrypted communications between Zabbix components.\\ This parameter is supported since Zabbix 3.0.0. ​ | | TLSCertFile| no |  | |Full pathname of a file containing the proxy certificate or certificate chain, used for encrypted communications between Zabbix components.\\ This parameter is supported since Zabbix 3.0.0. ​ |
 +| TLSCipherAll| no |  | |GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.\\ Example: TLS_AES_256_GCM_SHA384:​TLS_CHACHA20_POLY1305_SHA256:​TLS_AES_128_GCM_SHA256\\ This parameter is supported since Zabbix 4.0.19. ​ |
 +| TLSCipherAll13| no |  | |Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.\\ Example for GnuTLS: NONE:​+VERS-TLS1.2:​+ECDHE-RSA:​+RSA:​+ECDHE-PSK:​+PSK:​+AES-128-GCM:​+AES-128-CBC:​+AEAD:​+SHA256:​+SHA1:​+CURVE-ALL:​+COMP-NULL::​+SIGN-ALL:​+CTYPE-X.509\\ Example for OpenSSL: EECDH+aRSA+AES128:​RSA+aRSA+AES128:​kECDHEPSK+AES128:​kPSK+AES128\\ This parameter is supported since Zabbix 4.0.19. ​ |
 +| TLSCipherCert| no |  | |GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. Override the default ciphersuite selection criteria for certificate-based encryption.\\ Example for GnuTLS: NONE:​+VERS-TLS1.2:​+ECDHE-RSA:​+RSA:​+AES-128-GCM:​+AES-128-CBC:​+AEAD:​+SHA256:​+SHA1:​+CURVE-ALL:​+COMP-NULL:​+SIGN-ALL:​+CTYPE-X.509\\ Example for OpenSSL: EECDH+aRSA+AES128:​RSA+aRSA+AES128\\ This parameter is supported since Zabbix 4.0.19. ​ |
 +| TLSCipherCert13| no |  | |Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. Override the default ciphersuite selection criteria for certificate-based encryption.\\ This parameter is supported since Zabbix 4.0.19. ​ |
 +| TLSCipherPSK| no |  | |GnuTLS priority string or OpenSSL (TLS 1.2) cipher string. Override the default ciphersuite selection criteria for PSK-based encryption.\\ Example for GnuTLS: NONE:​+VERS-TLS1.2:​+ECDHE-PSK:​+PSK:​+AES-128-GCM:​+AES-128-CBC:​+AEAD:​+SHA256:​+SHA1:​+CURVE-ALL:​+COMP-NULL:​+SIGN-ALL\\ Example for OpenSSL: kECDHEPSK+AES128:​kPSK+AES128\\ This parameter is supported since Zabbix 4.0.19. ​ |
 +| TLSCipherPSK13| no |  | |Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3. Override the default ciphersuite selection criteria for PSK-based encryption.\\ Example: TLS_CHACHA20_POLY1305_SHA256:​TLS_AES_128_GCM_SHA256\\ This parameter is supported since Zabbix 4.0.19. ​ |
 | TLSConnect| yes for active proxy, if TLS certificate or PSK parameters are defined (even for //​unencrypted//​ connection),​ otherwise no |  | |How the proxy should connect to Zabbix server. Used for an active proxy, ignored on a passive proxy. Only one value can be specified: \\ //​unencrypted//​ - connect without encryption (default) \\ //psk// - connect using TLS and a pre-shared key (PSK) \\ //cert// - connect using TLS and a certificate\\ This parameter is supported since Zabbix 3.0.0. ​ | | TLSConnect| yes for active proxy, if TLS certificate or PSK parameters are defined (even for //​unencrypted//​ connection),​ otherwise no |  | |How the proxy should connect to Zabbix server. Used for an active proxy, ignored on a passive proxy. Only one value can be specified: \\ //​unencrypted//​ - connect without encryption (default) \\ //psk// - connect using TLS and a pre-shared key (PSK) \\ //cert// - connect using TLS and a certificate\\ This parameter is supported since Zabbix 3.0.0. ​ |
 | TLSCRLFile| no |  | |Full pathname of a file containing revoked certificates.This parameter is used for encrypted communications between Zabbix components.\\ This parameter is supported since Zabbix 3.0.0. ​ | | TLSCRLFile| no |  | |Full pathname of a file containing revoked certificates.This parameter is used for encrypted communications between Zabbix components.\\ This parameter is supported since Zabbix 3.0.0. ​ |