We have been asked to migrate our tools to TLS 1.3 by our security team. Does Nagios xi and NCPA support the TLS 1.3 for communication of host/service checks, GUI interface and also for email? I don't really see a good answer anywhere in the forums.
Nagios xi 5.8.6 running on RHEL 7.9 VM's and RHEL 8.5VM's
NCPA 2.3.0 running on RHEL 7.9 and 8.5 VM's and Windows 2016/2019 VM's
TLS 1.3 for NCPA and Nagios xi
-
kfanselow
- Posts: 247
- Joined: Tue Aug 31, 2021 3:25 pm
Re: TLS 1.3 for NCPA and Nagios xi
Hi hbouma,
Currently NCPA supports TLS version 1.2 and support for version 1.3 is on our development teams radar for future versions. That being said you can prescribe the ciphers in use by NCPA, using the ssl_ciphers option to align them with what is allowed by the TLS1.3 specification. I'll append a link to the NCPA config options page along with a link the TLS cipher table on Wikipedia; you should be able to map the ciphers to a set that will meet your security requirements.
NCPA
https://www.nagios.org/ncpa/help.php#co ... -reference
Wikipedia table - Cipher security against publicly known feasible attacks:
https://en.wikipedia.org/wiki/Transport ... ity#Cipher
Thanks and Best Regards,
Keith
Currently NCPA supports TLS version 1.2 and support for version 1.3 is on our development teams radar for future versions. That being said you can prescribe the ciphers in use by NCPA, using the ssl_ciphers option to align them with what is allowed by the TLS1.3 specification. I'll append a link to the NCPA config options page along with a link the TLS cipher table on Wikipedia; you should be able to map the ciphers to a set that will meet your security requirements.
NCPA
https://www.nagios.org/ncpa/help.php#co ... -reference
Wikipedia table - Cipher security against publicly known feasible attacks:
https://en.wikipedia.org/wiki/Transport ... ity#Cipher
Thanks and Best Regards,
Keith
-
kfanselow
- Posts: 247
- Joined: Tue Aug 31, 2021 3:25 pm
Re: TLS 1.3 for NCPA and Nagios xi
Hi hbouma,
Currently NCPA supports TLS version 1.2 and support for version 1.3 is on our development teams radar for future versions. That being said you can prescribe the ciphers in use by NCPA, using the ssl_ciphers option to align them with what is allowed by the TLS1.3 specification. I'll append a link to the NCPA config options page along with a link the TLS cipher table on Wikipedia; you should be able to map the ciphers to a set that will meet your security requirements.
NCPA
https://www.nagios.org/ncpa/help.php#co ... -reference
Wikipedia table - Cipher security against publicly known feasible attacks:
https://en.wikipedia.org/wiki/Transport ... ity#Cipher
Thanks and Best Regards,
Keith
Currently NCPA supports TLS version 1.2 and support for version 1.3 is on our development teams radar for future versions. That being said you can prescribe the ciphers in use by NCPA, using the ssl_ciphers option to align them with what is allowed by the TLS1.3 specification. I'll append a link to the NCPA config options page along with a link the TLS cipher table on Wikipedia; you should be able to map the ciphers to a set that will meet your security requirements.
NCPA
https://www.nagios.org/ncpa/help.php#co ... -reference
Wikipedia table - Cipher security against publicly known feasible attacks:
https://en.wikipedia.org/wiki/Transport ... ity#Cipher
Thanks and Best Regards,
Keith
-
hbouma
- Posts: 483
- Joined: Tue Feb 27, 2018 9:31 am
Re: TLS 1.3 for NCPA and Nagios xi
Thank you. That is all I needed.
-
kfanselow
- Posts: 247
- Joined: Tue Aug 31, 2021 3:25 pm
Re: TLS 1.3 for NCPA and Nagios xi
Glad to help - we'll lock out the thread.
Thanks and Best Regards,
Keith
Thanks and Best Regards,
Keith