This is build upon our experience with bad devices during the 2.3.0 alpha phase. There were some devices where we just had to switch to less secure defaults. Thanks to all the colleagues providing input and testing:
This How-To only covers active checks with Nagios plugins.
What about failing special agents because the devices (e.g. NetApp) only have TLS1.0 available?
IMHO a monitoring system should be able to downgrade the security here automatically. Maybe issue a warning that deprecated SSL is used but do not fail to connect.
1 Like
I completely understand the motivation here, my opinion also is that TLS 1.0 is still better than downgrading to HTTP or no monitoring at all, and I will discuss with dev and product how we can provide a smooth monitoring experience (uh, that sounds like marketing talk).
Currently, only a very hacky approach comes to my mind that I will not discuss publicly, but DMs are open.
1 Like