How do I disable TLSV1.0 in monit?

Question

In order to be PCI Compliant, I need to disable TLSV1.0 in my monit installation, and I need SSL enabled in order to view it in my IspConfig installation. I've tried explicitly setting a version like so:

set ssl {
    verify: enable,
    version: tlsv12
}

but still if I

nmap --script ssl-enum-ciphers -p 2812 mywebserver.com

I get ciphers for TLSv1.0.

I am using Monit version 5.18 on Debian Jessie.

score 0 · Accepted Answer · answered Aug 09 '16 at 18:14

0

For random applications like this, that may or may not have sane crypto support, I put them behind an nginx proxy. Have monit bind to localhost, and then let Nginx handle TLS.

Unlike monit and its peers, you can be assured that nginx will support industry best-practices for encryption and will be updated in short order to patch tomorrow's OpenSSL vulnerability du jour.

answered Aug 09 '16 at 18:14

EEAA

108,414
18
172
242

Is there a way to do this with Apache? – Jeremey Aug 20 '16 at 18:33
I managed to get ProxyPass working and pointing to localhost:2812 and this works just fine, thanks for pointing me in the right direction. – Jeremey Aug 20 '16 at 23:59

How do I disable TLSV1.0 in monit?

1 Answers1