Hi Alexander.

On Mon, 2012-02-20 at 06:29 +0100, Alexander Wirt wrote:
> this breaks all existing nrpes
What do you mean by breaking NRPEs? 
The other Nagios NRPEs (that could be used on remote host sides) which
still use the fake SSL?

But even if it does... wouldn't that be better? That SSL is just
useless, so admins are better off disabling it altogether.


> and icinga nrpe is not in a releasable state.
Just for my personal education :) ... what's the issue with it?


I mean the current situation is IMHO a bit concerning.
- Nagios upstream seems to have abandoned this issue.

- SSL is activated by default in Debian, which is useless anyway and in
the worst case gives a wrong feeling of security.

- Severity of this issue is "just" important, IMHO it should be grave
(http://www.debian.org/Bugs/Developer#severities), which would also
notify at least those using apt-listbugs.

- Of course one can argue that you cannot do much of an attack with
NRPE, but people may rely on SSL and, because of it, think it safe to
enable argument processing in NRPE.


Cheers,
Chris.
