On Windows use SChannel, not OpenSSL, for TLS connections #9955

Al2Klimov · 2024-01-03T17:43:49Z

Is your feature request related to a problem? Please describe.

As we ship OpenSSL on Windows, we have to update Icinga along with OpenSSL.
Every OpenSSL update is a security update by definition.

Describe the solution you'd like

typedef boost::asio::ssl::stream SslStream; or similar
use SslStream everywhere, not boost::asio::ssl::stream
on Windows make SslStream a custom class using SChannel, not OpenSSL
same with boost::asio::ssl::context => SCHANNEL_CRED

Describe alternatives you've considered

[Feature] Update OpenSSL bundled with Icinga 2 independent of Icinga 2 itself icinga-powershell-framework#674 (IfW only)

Al2Klimov added area/distributed Distributed monitoring (master, satellites, clients) area/api REST API area/windows Windows agent and plugins labels Jan 3, 2024

Al2Klimov self-assigned this Jan 3, 2024

Al2Klimov linked a pull request Jan 3, 2024 that will close this issue

WIP #9956

Draft

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

On Windows use SChannel, not OpenSSL, for TLS connections #9955

On Windows use SChannel, not OpenSSL, for TLS connections #9955

Al2Klimov commented Jan 3, 2024

On Windows use SChannel, not OpenSSL, for TLS connections #9955

On Windows use SChannel, not OpenSSL, for TLS connections #9955

Comments

Al2Klimov commented Jan 3, 2024

Is your feature request related to a problem? Please describe.

Describe the solution you'd like

Describe alternatives you've considered