Werk #18552: check_httpv2: Add TLS compatibility mode option
| Component | Checks & agents | ||||||
| Title | check_httpv2: Add TLS compatibility mode option | ||||||
| Date | Nov 27, 2025 | ||||||
| Level | Trivial Change | ||||||
| Class | New Feature | ||||||
| Compatibility | Compatible - no manual interaction needed | ||||||
| Checkmk versions & editions |
|
The Check HTTP web service rule now includes an option to enable TLS compatibility mode. This mode uses a more permissive TLS backend (similar to cURL), which can help HTTP checks succeed when strict TLS negotiation fails.
Details: By default, check_httpv2 plugin uses a strict TLS stack (rustls) that enforces modern security standards. Enabling compatibility mode switches rustls TLS backend to native-tls, which is generally more lenient and compatible with a wider range of server configurations.
- Default: Disabled.
- When to use: Enable if your HTTP check fails with TLS/SSL errors but tools like cURL succeed.
- Effect: Switches the TLS stack to a less restrictive backend to improve handshake compatibility.
- Security note: Compatibility mode may accept weaker configurations than the strict default. Enable only if necessary.
How to enable: 1. Open the Check HTTP web service rule. 2. Edit the rule and enable the "Enable compatibility mode" option under "Connection buildup" -> "TLS version". 3. Save the rule.
If TLS errors persist after enabling, review the host’s TLS configuration and the check’s protocol/port settings.