You are here

How Do I disable SSLv2/SSLv3 on port 5666

3 posts / 0 new
Last post
arenner
arenner's picture
How Do I disable SSLv2/SSLv3 on port 5666

Hello,

I have a client with security scanners alarming about SSLv2/SSLv3 on port 5666 on the systems running Opsview Agent.

NSClient has a new 0.4.x version which added options to disable the vulnerable SSL versions but Opsview is using an older 0.3.x version.

https://www.nsclient.org/2015/01/12/another-week-another-release/

http://docs.nsclient.org/reference/client/NRPEServer.html

 

We need to get this disabled for our client. Any ideas?

smarsh
smarsh's picture
Hello,

Hello,

Your best bet is to contact the Customer Success team who can run you through this, however we run a heavily modified version of NSClient which was originally 0.3x but is pretty far removed now. We have added support for strong siphers and the use of SSL certificates in the latest version of Opsview (4.6.3), please see here for more details:

http://docs.opsview.com/doku.php?id=opsview4.6:opspacks:templates:opsviewagent

Best,

Sam

arenner
arenner's picture
Insufficient resolution

smarsh,

The current solutions with Opsview are not sufficient. We needed to keep using Opsview the same way we were but with SSLv2/SSLv3 disabled.

We had to (on this client's machines only) use the official NSClient++ to gain use of this in nsclient.ini:

[/settings/NRPE/server]
ssl options = no-sslv2,no-sslv3

Now their machines do not respond with anything at all via SSLv2/SSLv3 which should make their security scanner happy.

http://docs.nsclient.org/reference/client/NRPEServer.html