-
Incident report
-
Resolution: Won't fix
-
Major
-
None
-
2.2.9
-
None
-
Debian 7.8
Due to Logjam attack vulnerability the supported SSL ciphers are changed on Nginx server to avoid using DHE ciphers and weak AES ciphers. Checking the weak ciphers at ssllabs.com.
ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!DH";
After using this cipher list web scenarios on this web pages fails with "SSL connect error".
Maybe this Zabbix server version doesn't support Elliptic curve Diffie–Hellman (ECDH).
Other versions of Zabbix servers were not tested.