Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/zabbix/zabbix.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/conf
diff options
context:
space:
mode:
authorAndris Mednis <Andris.Mednis@zabbix.com>2020-03-13 16:16:56 +0300
committerAndris Mednis <Andris.Mednis@zabbix.com>2020-03-13 17:56:09 +0300
commit5a35824a6e3d9346791ec441ca094a4d14b86286 (patch)
tree5734034e849e1a153df22d197811537c3621709b /conf
parent25250c2025dd4c6ae94d6dd28d0dbf86d0b8f668 (diff)
...G...PS. [ZBXNEXT-3604] added support of user configurable ciphers for communication between Zabbix components
* commit '235dcc22f50807a23e941fbece8600c408adcd86': ...G...PS. [ZBXNEXT-3604] fixed compilation of zabbix_js.c ...G...PS. [ZBXNEXT-3604] added support of user configurable ciphers for communication between Zabbix components (cherry picked from commit 26904ff225c1c418bf2ee1d630268e5766d14f6e)
Diffstat (limited to 'conf')
-rw-r--r--conf/zabbix_agentd.conf66
-rw-r--r--conf/zabbix_agentd.win.conf66
-rw-r--r--conf/zabbix_proxy.conf66
-rw-r--r--conf/zabbix_server.conf66
4 files changed, 264 insertions, 0 deletions
diff --git a/conf/zabbix_agentd.conf b/conf/zabbix_agentd.conf
index 44d8130f13f..d6a9eec62c3 100644
--- a/conf/zabbix_agentd.conf
+++ b/conf/zabbix_agentd.conf
@@ -437,3 +437,69 @@ Hostname=Zabbix server
# Mandatory: no
# Default:
# TLSPSKFile=
+
+####### For advanced users - TLS ciphersuite selection criteria #######
+
+### Option: TLSCipherCert13
+# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+# Override the default ciphersuite selection criteria for certificate-based encryption.
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert13=
+
+### Option: TLSCipherCert
+# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+# Override the default ciphersuite selection criteria for certificate-based encryption.
+# Example for GnuTLS:
+# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+# Example for OpenSSL:
+# EECDH+aRSA+AES128:RSA+aRSA+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert=
+
+### Option: TLSCipherPSK13
+# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+# Override the default ciphersuite selection criteria for PSK-based encryption.
+# Example:
+# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK13=
+
+### Option: TLSCipherPSK
+# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+# Override the default ciphersuite selection criteria for PSK-based encryption.
+# Example for GnuTLS:
+# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
+# Example for OpenSSL:
+# kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK=
+
+### Option: TLSCipherAll13
+# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+# Example:
+# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll13=
+
+### Option: TLSCipherAll
+# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+# Example for GnuTLS:
+# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+# Example for OpenSSL:
+# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll=
diff --git a/conf/zabbix_agentd.win.conf b/conf/zabbix_agentd.win.conf
index 1d6532e0e91..ace77bc6bc4 100644
--- a/conf/zabbix_agentd.win.conf
+++ b/conf/zabbix_agentd.win.conf
@@ -396,3 +396,69 @@ Hostname=Windows host
# Mandatory: no
# Default:
# TLSPSKFile=
+
+####### For advanced users - TLS ciphersuite selection criteria #######
+
+### Option: TLSCipherCert13
+# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+# Override the default ciphersuite selection criteria for certificate-based encryption.
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert13=
+
+### Option: TLSCipherCert
+# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+# Override the default ciphersuite selection criteria for certificate-based encryption.
+# Example for GnuTLS:
+# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+# Example for OpenSSL:
+# EECDH+aRSA+AES128:RSA+aRSA+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert=
+
+### Option: TLSCipherPSK13
+# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+# Override the default ciphersuite selection criteria for PSK-based encryption.
+# Example:
+# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK13=
+
+### Option: TLSCipherPSK
+# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+# Override the default ciphersuite selection criteria for PSK-based encryption.
+# Example for GnuTLS:
+# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
+# Example for OpenSSL:
+# kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK=
+
+### Option: TLSCipherAll13
+# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+# Example:
+# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll13=
+
+### Option: TLSCipherAll
+# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+# Example for GnuTLS:
+# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+# Example for OpenSSL:
+# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll=
diff --git a/conf/zabbix_proxy.conf b/conf/zabbix_proxy.conf
index 5ae0ac4c23a..f4db24b465e 100644
--- a/conf/zabbix_proxy.conf
+++ b/conf/zabbix_proxy.conf
@@ -736,3 +736,69 @@ StatsAllowedIP=127.0.0.1
# Mandatory: no
# Default:
# TLSPSKFile=
+
+####### For advanced users - TLS ciphersuite selection criteria #######
+
+### Option: TLSCipherCert13
+# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+# Override the default ciphersuite selection criteria for certificate-based encryption.
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert13=
+
+### Option: TLSCipherCert
+# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+# Override the default ciphersuite selection criteria for certificate-based encryption.
+# Example for GnuTLS:
+# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+# Example for OpenSSL:
+# EECDH+aRSA+AES128:RSA+aRSA+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert=
+
+### Option: TLSCipherPSK13
+# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+# Override the default ciphersuite selection criteria for PSK-based encryption.
+# Example:
+# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK13=
+
+### Option: TLSCipherPSK
+# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+# Override the default ciphersuite selection criteria for PSK-based encryption.
+# Example for GnuTLS:
+# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
+# Example for OpenSSL:
+# kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK=
+
+### Option: TLSCipherAll13
+# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+# Example:
+# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll13=
+
+### Option: TLSCipherAll
+# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+# Example for GnuTLS:
+# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+# Example for OpenSSL:
+# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll=
diff --git a/conf/zabbix_server.conf b/conf/zabbix_server.conf
index dd8a6e3f19d..fa859207141 100644
--- a/conf/zabbix_server.conf
+++ b/conf/zabbix_server.conf
@@ -720,3 +720,69 @@ StatsAllowedIP=127.0.0.1
# Mandatory: no
# Default:
# TLSKeyFile=
+
+####### For advanced users - TLS ciphersuite selection criteria #######
+
+### Option: TLSCipherCert13
+# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+# Override the default ciphersuite selection criteria for certificate-based encryption.
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert13=
+
+### Option: TLSCipherCert
+# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+# Override the default ciphersuite selection criteria for certificate-based encryption.
+# Example for GnuTLS:
+# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+# Example for OpenSSL:
+# EECDH+aRSA+AES128:RSA+aRSA+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherCert=
+
+### Option: TLSCipherPSK13
+# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+# Override the default ciphersuite selection criteria for PSK-based encryption.
+# Example:
+# TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK13=
+
+### Option: TLSCipherPSK
+# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+# Override the default ciphersuite selection criteria for PSK-based encryption.
+# Example for GnuTLS:
+# NONE:+VERS-TLS1.2:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL
+# Example for OpenSSL:
+# kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherPSK=
+
+### Option: TLSCipherAll13
+# Cipher string for OpenSSL 1.1.1 or newer in TLS 1.3.
+# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+# Example:
+# TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll13=
+
+### Option: TLSCipherAll
+# GnuTLS priority string or OpenSSL (TLS 1.2) cipher string.
+# Override the default ciphersuite selection criteria for certificate- and PSK-based encryption.
+# Example for GnuTLS:
+# NONE:+VERS-TLS1.2:+ECDHE-RSA:+RSA:+ECDHE-PSK:+PSK:+AES-128-GCM:+AES-128-CBC:+AEAD:+SHA256:+SHA1:+CURVE-ALL:+COMP-NULL:+SIGN-ALL:+CTYPE-X.509
+# Example for OpenSSL:
+# EECDH+aRSA+AES128:RSA+aRSA+AES128:kECDHEPSK+AES128:kPSK+AES128
+#
+# Mandatory: no
+# Default:
+# TLSCipherAll=
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-06 04:00:07 +0300