Uploaded image for project: 'ZABBIX FEATURE REQUESTS'
  1. ZABBIX FEATURE REQUESTS
  2. ZBXNEXT-3604

user configurable ciphers for communication between Zabbix components

    XMLWordPrintable

Details

    • Team A
    • Sprint 59 (Dec 2019), Sprint 60 (Jan 2020), Sprint 61 (Feb 2020), Sprint 62 (Mar 2020)
    • 9

    Description

      When my 3.2.1 zabbix server starts, it immediately crashes with: cannot set list of PSK ciphersuites: file ssl_lib.c line 1314: error:1410D0B9:SSL routines:SSL_CTX_set_cipher_list:no cipher match

      It appears when support for OpenSSL 1.1.0 was added, the minimum ciphersuite selection was reduced from "RSA+aRSA+AES128" to "PSK-AES128-CBC-SHA". My CentOS 6 openssl doesn't support PSK-AES128-CBC-SHA, but it does have 3 supported ciphers that match RSA+aRSA+AES128.

      Ideally there would be a TLSCiphers configuration setting that allows specifying them manually with a sane default, but in the near term can we make the ZBX_CIPHERS_PSK define be set to "RSA+aRSA+AES128", which would support the previously cipher suites properly.

      (specification)

      Attachments

        Issue Links

          is duplicated by

          Change Request - An Change Request or enhancement Improvement to an existing feature or task. ZBXNEXT-5776 AES 256 Compliant

          • High - Serious problem that could block progress.
          • Closed
          mentioned in

          Page Loading...

          Page Loading...

          Activity

            People

              andris Andris Mednis
              ruckc Curtis Ruck
              Votes:
              5 Vote for this issue
              Watchers:
              13 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: