Description

This Plugin checks for the TLS Settings (SCHANNEL) of Windows machines. To go for sure you can check and set the TLS Settings with IISCrypto -> https://www.nartac.com/Products/IISCrypto

Setup:

Install the MKP Deploy the Plugin via Bakery Maybe adjust your requirements via the normal Service Rule

Assuming:

Windows Server 2022 has enabled TLS 1.3 by default. Windows Server <2022 are not yet ready for TLS 1.3. Maybe this changes in further windows updates.

Default Warning levels:

TLS 1.3 -> Ignored TLS 1.2 -> Client + Serverside = Enabled TLS 1.1 -> Client + Serverside = Should be Disabled TLS 1.0 -> Client + Serverside = Should be Disabled

Sample Output:

protocol TLS1_3 as expected (S:0❘C:0) protocol TLS1_2 as expected (S:1❘C:1) protocol TLS1_1 (server) is not as expected 0 vs. 1WARN protocol TLS1_1 (client) is not as expected 0 vs. 1WARN protocol TLS1_0 (server) is not as expected 0 vs. 1WARN protocol TLS1_0 (client) is not as expected 0 vs. 1WARN

Version 1.0.6
Latest version
Note: This version requires Checkmk version 2.0.0 or higher.

Uploaded on: 13 Jan 2024

Built on Checkmk version: 2.2.0p14

Minimum Checkmk version required: 2.2.0p0

MKP MD5 hash: 5acfceb3bf3119a135ed6d6b8f8bc983