Hi Michael,

Thanks for reply.

This is for scenario :

Server#1 : Observium Web server Server#2 : Database server

How to make sure that, in Observium systems ( Web ) , database Security Server ( DB ) , TCP database port uses TLS v1.2 or above for communications.

This is to ensure communication is secured.

Could share with us information if any.

Thank you.

Regards Ryan

From: observium observium-bounces@observium.org On Behalf Of Michael via observium Sent: Monday, 4 April 2022 11:08 am To: Observium observium@observium.org Cc: Michael obslist@smarsz.com Subject: Re: [Observium] Observium - database Security Server and TCP database port uses TLS v1.2 or above for communications

I'd argue that it is pretty much irrelevant in this scenario.

As your database is on the same box as the Observium process, there's no cleartext data being transmitted across the network, which is what that control is designed to address.

If the data is considered sensitive enough, you should probably looking to also encrypt the data at rest within the database (as you would have needed to already compromise the Observium host in order to abuse the above scenario, you've got access to the database regardless). That's a slightly different rabbit hole to fall into.

Michael

On 4 Apr 2022, at 12:40 pm, Ryan Tee via observium <observium@observium.orgmailto:observium@observium.org> wrote:

Hi ,

We would like to check followings in Observium systems.

How to make sure that, in Observium systems, database Security Server and TCP database port uses TLS v1.2 or above for communications.

This is to ensure communication is secured.

Appreciate share with us, to configure setting config.php file in Observium systems.

Regards Ryan

<image001.png> _______________________________________________ observium mailing list observium@observium.orgmailto:observium@observium.org http://postman.memetic.org/cgi-bin/mailman/listinfo/observium

Hi Mike,

Thanks for sharing information of configuration of SSL

By the way, we would like to use TLS v1.2 or above for communication.

Appreciate share with us, to configure setting config.php file in Observium systems. Regards Ryan

From: observium observium-bounces@observium.org On Behalf Of Mike Stupalov via observium Sent: Monday, 4 April 2022 3:56 pm To: Observium observium@observium.org; Ryan Tee via observium observium@observium.org Cc: Mike Stupalov mike@observium.org Subject: Re: [Observium] Observium - database Security Server and TCP database port uses TLS v1.2 or above for communications

Hi,

here list of optional configuration for use SSL:

// Optionally SSL (only for MySQLi)

$config['db_ssl'] = FALSE; // If TRUE mysql connection uses ssl (only available with mysqli engine)

$config['db_ssl_verify'] = TRUE; // disables SSL certificate validation on mysqlnd

#$config['db_ssl_key'] = ''; // path to ssl key file

#$config['db_ssl_cert'] = ''; // path to ssl certificate file

#$config['db_ssl_ca'] = ''; // path to ssl ca file

#$config['db_ssl_ca_path'] = ''; // path to ca files

#$config['db_ssl_ciphers'] = ''; // allowed ciphers to use for ssl connection

Ryan Tee via observium wrote on 4.04.2022 05:40:

Hi ,

We would like to check followings in Observium systems.

How to make sure that, in Observium systems, database Security Server and TCP database port uses TLS v1.2 or above for communications.

This is to ensure communication is secured.

Appreciate share with us, to configure setting config.php file in Observium systems.

Regards

Ryan

[cid:image001.png@01D848EB.4DAA7200]

_______________________________________________

observium mailing list

observium@observium.orgmailto:observium@observium.org

http://postman.memetic.org/cgi-bin/mailman/listinfo/observium

-- Mike Stupalov, Discord channel: https://discord.gg/GjpNXKWm8W Observium Limited, https://observium.org