Hey Folks,
Background information:
Zabbix Server 6.4.15
Zabbix Agent2 (mixed) between 6.4.12 and 6.4.15. Most are on 6.4.15. Compiled with OpenSSL 3.0.7.1. All Zabbix agents run on RHEL 9.
We need to test connectivity to public endpoints belonging to large public organizations (Google, AWS, Microsoft, etc). Specifically: I need to test whether the TCP connection can be made and whether TLS 1.2/TLS1.3 is present. The domains are known to us. I added an item with the key "web.page.get["https://microsoft.com"] which works just fine. If I attempt to access specific sites though, such as the item key "web.page.get["https://agentserviceapi.guestconfiguration.azure.com"], it errors out with "local error: tls: no renegotiation". The full test directive on the agent is:
zabbix_agent2 -t web.page.get[https://agentserviceapi.guestconfiguration.azure.com]
Is there a method to get Zabbix to not care about TLS renegotiation? I get that it's "not secure" and whatnot, but it's also very much out of my control. I can't make the likes of Microsoft, Amazon and Google bend to my will because it's inconvenient for me...
Background information:
Zabbix Server 6.4.15
Zabbix Agent2 (mixed) between 6.4.12 and 6.4.15. Most are on 6.4.15. Compiled with OpenSSL 3.0.7.1. All Zabbix agents run on RHEL 9.
We need to test connectivity to public endpoints belonging to large public organizations (Google, AWS, Microsoft, etc). Specifically: I need to test whether the TCP connection can be made and whether TLS 1.2/TLS1.3 is present. The domains are known to us. I added an item with the key "web.page.get["https://microsoft.com"] which works just fine. If I attempt to access specific sites though, such as the item key "web.page.get["https://agentserviceapi.guestconfiguration.azure.com"], it errors out with "local error: tls: no renegotiation". The full test directive on the agent is:
zabbix_agent2 -t web.page.get[https://agentserviceapi.guestconfiguration.azure.com]
Is there a method to get Zabbix to not care about TLS renegotiation? I get that it's "not secure" and whatnot, but it's also very much out of my control. I can't make the likes of Microsoft, Amazon and Google bend to my will because it's inconvenient for me...