-
Notifications
You must be signed in to change notification settings - Fork 159
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TLS PSK usage with ZabbixSender #114
Comments
I have tested this on my landscape and it works perfectly. |
Works perfectly on Zabbix 5, thanks for sharing. |
MR with fix #139 |
Hello.
@mcdir does your branch have these fixes applied? |
Thank you @KostyaEsmukov for providing this! I hit a bug in the sslpsk lib. I could solve it by applying this patch manually to the file sslpsk.py After this it's working fine!! |
I've spent quite a lot of time trying to set up a TLS connection with PSK. I finally managed to do that, so I thought I'd share my solution in hope that it would save someone time.
The python
ssl
package doesn't provide support for PSK, it supports just the certificates. But there's a nice little package which does provide support for TLS PSK: https://github.com/drbild/sslpskThe tricks are:
sslpsk
expects that itswrap_socket
would be called aftersocket.connect(...)
, while thessl.wrap_socket
expects that it would be called beforesocket.connect(...)
.So here is a solution that works for me with Zabbix server 4.2:
It would be nice if
ZabbixSender(use_config=True)
could automatically detect PSK settings from the config and use them, but I guess this solution might seem to be a bit hacky to be included to the package. Especially given that thesslpsk
package on pypi does not provide manylinux/macos wheels and needs openssl headers and gcc to be present on the system to be installed.I would be glad to know if there's a cleaner way to achieve the TLS PSK support with this package.
The text was updated successfully, but these errors were encountered: