Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Windows agent 2.10.4 -> 2.11.0 RC1 master: no shared cipher #7386

dnsmichi opened this issue Aug 1, 2019 · 2 comments


Copy link

commented Aug 1, 2019

Describe the bug

Windows 2.10.4 Agent connects against 2.11.0 RC1 master resulting in no shared cipher error messages.


  • openssl s_server -connect :5665 from the master (if reachable)
  • sslscan on Linux or as exe on Windows to analyse the preferred cipher suite

windows_icinga_2 10 4_ciphers_sslscan


The master prefers the cipher suite and needs to offer AES256-GCM-SHA384.

Edit features-enabled/api.conf and add the cipher_list attribute with the following content from #7368.

object ApiListener "api" {


  ticket_salt = TicketSalt


Already fixed with #7369 - this adds to the list for patching 2.10.6 as well (and blocks the ECC draft in #7323). @lippserd @bobapple



@dnsmichi dnsmichi added this to the 2.11.0 milestone Aug 1, 2019

@dnsmichi dnsmichi self-assigned this Aug 1, 2019


This comment has been minimized.

Copy link
Member Author

commented Aug 1, 2019

This is for tracking only, workarounds and fixes already exist.

@dnsmichi dnsmichi closed this Aug 1, 2019

@dnsmichi dnsmichi referenced this issue Aug 1, 2019
26 of 33 tasks complete

This comment has been minimized.

Copy link
Member Author

commented Aug 1, 2019

Versions til 2.10.5 use OpenSSL 1.0.2n, that explains the missing ECDH cipher suites.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
1 participant
You can’t perform that action at this time.