Allow probing for insecure TLS versions
NotAFile opened this issue · 1 comments
NotAFile commented
I would like to alert if a service offers any insecure TLS versions. As far as I can tell, the only way to do this is to try with a given TLS version and see what happens. However, the only setting exposed in the exporter right now is the minimum TLS version.
It would be useful to be able to do the following:
tls_insecure_versions:
prober: tcp
timeout: 5s
tcp:
tls: true
tls_config:
max_version: "1.1"
This way, we could alert if TLS1.1 or lower is enabled.
NotAFile commented
It turns out this functionality is already there, just not documented.