John C. Frickson
9178f8ad03
Change names for Markdown formatting on Github
|
10 éve | |
|---|---|---|
| contrib | 22 éve | |
| docs | 18 éve | |
| include | 10 éve | |
| package | 13 éve | |
| sample-config | 12 éve | |
| src | 10 éve | |
| .gitignore | 10 éve | |
| Changelog | 10 éve | |
| LEGAL | 18 éve | |
| Makefile.in | 14 éve | |
| README.SSL.md | 10 éve | |
| README.Solaris | 14 éve | |
| README.md | 10 éve | |
| SECURITY.md | 10 éve | |
| THANKS | 10 éve | |
| config.guess | 20 éve | |
| config.sub | 20 éve | |
| configure | 10 éve | |
| configure.ac | 10 éve | |
| init-script.debian.in | 22 éve | |
| init-script.in | 23 éve | |
| init-script.suse.in | 20 éve | |
| install-sh | 25 éve | |
| nrpe.spec | 12 éve | |
| nrpe.spec.in | 14 éve | |
| subst.in | 14 éve | |
| update-version | 12 éve |
README.SSL.md
NRPE With SSL/TLS
NRPE now has the option for Encrypting Network traffic using SSL/TLS from openssl.
The Encryption is done using a set encryption routine of AES-256 Bit Encryption using SHA and Anon-DH. This encrypts all traffic using the NRPE sockets from the client to the server.
Since we are using Anon-DH this allows for an encrypted SSL/TLS Connection without using pre-generated keys or certificates. The key generation information used by the program to dynaically create keys on daemon startup can be found in the dh.h file in the nrpe src directory. This file was created using the command:
openssl dhparam -C 512
which outputs the C code in dh.h. For your own security you can replace that file with your own dhparam generated code.
As of this time you will need to have the latest greatest version of OpenSSL (tested against version 0.9.7a) since not all versions have the AES algorythm in them.
I am not aware that at this time this code is restricted under export restrictions but I leave that verification process up to you.
Thoughts and suggestions are welcome and I can be reached on the Nagios and NagiosPlug Mailing Lists.
- Derrick