Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-8955

net.tcp.service[https] marked as down on nginx with certain ssl_ciphers

    XMLWordPrintable

Details

    • Incident report
    • Status: Closed
    • Minor
    • Resolution: Won't fix
    • 2.2.6
    • None
    • Agent (G)
    • None

    Description

      I'm using net.tcp.service[https] ( Zabbix agent active ) to check the https port on my Nginx server. I decided to tweak my ssl ciphers to strenghten the security, and changed it to:

      ssl_prefer_server_ciphers on;
      ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:!ADH:!AECDH:!MD5;

      As soon as I restarted Nginx, Zabbix marked the item as being down.

      I changed the ciphers to the somewhat more compatible:

      ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

      and the item was marked as up again.

      I've used https://bjornjohansen.no/optimizing-https-nginx as a guide to tweak Nginx.

      Attachments

        Activity

          People

            Unassigned Unassigned
            verwilst Bart Verwilst
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: