Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Zabbix PSK Encryption and Ciphers

            Modified on Mon, 25 Jul, 2022 at 2:13 PM

            Zabbix Server option:

            TLSCipherPSK13=TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256


            Proxy server option:

            TLSCipherPSK13=TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256


            This forces proxies to communicate to the server via the above ciphers in order. To check what ciphers a server supports run this command:


            openssl ciphers -v | column -t

            Disable CBC ciphers in apache:


            edit /etc/apache2/mods-enabled/ssl.conf


            SSLCipherSuite HIGH:!RSA:!CAMELLIA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SHA1:!SHA256:!SHA384

SSLOptions +StrictRequire -OptRenegotiate

            edit /etc/letsencrypt/options-ssl-apache.conf

            SSLCipherSuite HIGH:!RSA:!CAMELLIA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SHA1:!SHA256:!SHA384

SSLOptions +StrictRequire -OptRenegotiate

            See here for Zabbix best security practises
            Best practices for secure Zabbix setup

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0