Disable specific weak cipher for port 5665

Hey, everyone. Recent Nessus scanning against our Icinga2 host are showing a weak cipher on 5665. Thus far, we have been unable to get the system to disable this cipher. Was hoping the hive mind could help out here.

OS: RHEL 8.8
Icinga ver. 2.9.5
PHP ver. 7.2.24
Weak cipher: ECDHE-RSA-AES128-SHA256

We currently have /etc/icinga2/features-enabled/api.conf configured with the following:


Any help with disabling the weak cipher listed above would be greatly appreciated. TIA

  1. the result on the nessus scan would be helpful.
  2. you need to add this to the agents as well.
  3. don’t forget to restart icinga2.
  4. you icinga version is super old

Hello @xion824!

At best upgrade straight to 2.14, we’ve hardened the defaults recently.


I was able to disable the cipher by adding it to the cipher_list line with “-” in front of it. For some reason this didn’t register previously, but this time it did.

Unable to do so due to developer specific requirements.