Ad Widget

Collapse

Zabbix 4.0.3: How to disable weak ciphers

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • vigneshn
    Junior Member
    • Jan 2018
    • 17
    #1

    Zabbix 4.0.3: How to disable weak ciphers

    We are using Zabbix 4.0.3 in RHEL 7. Our openssl version is 1.0.2k. We do not use any cert/psk and I used the default Zabbix server package to install Zabbix server.

    When Zabbix server is started, it is using insecure cipher suite TLS 1.2: TLS_PSK_WITH_AES_128_CBC_SHA. How do I disable it?

    Thanks.
    Tags: None
    • DmitryL
      Senior Member
      Zabbix Certified SpecialistZabbix Certified Professional
      • May 2016
      • 278
      #2
      16. Encryption
      https://www.zabbix.com/documentation/3.0/manual/encryption#ciphersuites

        Comment

        • Kate357
          Junior Member
          • Oct 2018
          • 2
          #3
          I'm sure this will work.
          Disabling SSL 2.0, you can disable some weak ciphers by editing the registry in the same way. To speed up the process, you can paste the following in to a text file and name it disableWeakCiphers.reg, then double-click it.
          Great day ahead. see you soon.
          Last edited by Kate357; 10-01-2019, 08:35.

            Comment

            • andris
              Zabbix developer
              • Feb 2012
              • 228
              #4
              Originally posted by vigneshn
              .... Our openssl version is 1.0.2k. We do not use any cert/psk ....

              When Zabbix server is started, it is using insecure cipher suite TLS 1.2: TLS_PSK_WITH_AES_128_CBC_SHA. How do I disable it?
              If you are not using "any cert/psk" then outgoing connections will never use TLS_PSK_WITH_AES_128_CBC_SHA. Incoming connections using it will be closed soon after arrival because server has no PSKs for decrypting.

                Comment

                Previous template Next
                Working...