On 2020-02-19 22:17, William Leuschner wrote:
Hello porters,
I'm trying to set up Zabbix with pre-shared keys so that:
* connections are encrypted, and
* the agent will reject connections from anyone without the key.
The configuration that should work currently fails with a library error.
According to this note from 2017[1], PSK support was removed from LibreSSL, and the best choice
would be building against gnutls. Has anything changed since then, or is gnutls still the best
option? If gnutls is the best bet, would a gnutls flavor be welcome?
Though i'm using zabbix mostly in larger setups where only
certificates make sense (handling, security), i see the
advantage of having PSK support when only few monitored
systems are involved (or for testing purposes).
That said, i'd also switch completely to gnutls, instead
of having another FLAVOR.
-Mark
Thanks,
William Leuschner
[1]: https://marc.info/?l=openbsd-ports&m=148465399628705&w=2
--
Mark Patruck ( mark at wrapped.cx )
GPG key 0xF2865E51 / 187F F6D3 EE04 1DCE 1C74 F644 0D3C F66F F286 5E51
https://www.wrapped.cx
