Configuration of allowed TLS versions and ciphers for the Monitoring Station
Communications between the Monitoring Station and Agents
To configure communications between the Monitoring Station and Agents, add a . Add list of allowed TLS versions and ciphers in uptime.conf using clientSocketTlsVersion
, clientSocketCiphers
, and ‘':’ ' as delimiter, for example:
...
Code Block |
---|
clientSocketCiphers= TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384:TLS_RSA_WITH_AES_256_CBC_SHA256 |
Web Application Monitoring
To configure web application monitoring. Add , add a list of allowed TLS versions and ciphers in uptime.conf using clientHttpCiphers
, clientHttpTlsVersion
, and ‘':’ ' as delimiter, for example:
...
Configuration of allowed TLS versions and ciphers for Agents/Stunnel
In uptmagnt.conf, specify ‘sslVersion’ sslVersion and ‘ciphers’ ciphers to allow specific TLS versions and ciphers, for example:
...
To enable specific SSL/TLS versions, you need to first must disable all other possible versions. For example, to enable only TLSv1.2, add the following code to uptmagnt.conf:
Code Block |
---|
options = NO_SSLv2 options = NO_SSLv3 options = NO_TLSv1 options = NO_TLSv1.1 |
To enable TLSv1.1 and TLSv1.2, use the following options:
Code Block |
---|
options = NO_SSLv2 options = NO_SSLv3 options = NO_TLSv1 |
Example Review the following example of uptmagnt.conf with a specific TLS version and cipher:
...