Would proxying :2812 via Apache or nginx work for you? You'd then have total control over TLS versions and cipher suites.
On some servers I've got :2812 set to only be accessible to localhost, and then set up a SSH tunnel to 2812 when I need to access monit. I figure if the port isn't listening on an accessible network interface you can't be in breach of compliance requirements. Hope that helps. Phil On 20 Aug 2016 20:21, "Jeremey Hustman" <[email protected]> wrote: > Is there a way to disable tlsv1.0? In my montirc I have > > set ssl { > verify: enable, > version: tlsv11, > version: tlsv12 > } > > But still TLSv1.0 is enabled, and adding -tlsv10 (like in apache) doesn't > work. > > To be able to pass PCI Compliance on this particular server I need to > disable this on this specific port (2812) > > Thank you, > -- > Jeremey > > > -- > To unsubscribe: > https://lists.nongnu.org/mailman/listinfo/monit-general >
-- To unsubscribe: https://lists.nongnu.org/mailman/listinfo/monit-general
