[GTALUG] Pingdom's odd security choices

Giles Orr gilesorr at gmail.com
Thu Apr 2 21:39:37 EDT 2020


We use Pingdom at work, and have been very happy with it.  They
provide a simple service, but they do it pretty well and generate good
statistics and graphs in the process.

But today I had an extraordinary experience: I switched two back-end
Nginx servers to TLS 1.3 only (the public accesses HAProxy servers
that front these servers, which still provide TLS 1.1, 1.2, and 1.3).  And
the instant I did, Pingdom declared both of them down.  They were
demonstrably up.  So I emailed Pingdom, and got this rather
astonishing response:

"Thanks for contacting us!"

"I'm afraid that at the moment we don't support TLS 1.3"

"I will however tag this up as a feature request for future
development, although I can not give an ETA on when it'll become
available. We do also have a public forum available here where feature
requests can be submitted for product management to read!"

As I replied back to them, TLS 1.3 is available in all the major
browsers AND all the major web servers.   Don't make me choose between
security and my alerting system ...

I'm not really looking for replies here (although I'd be interested if
anyone does).  I was just so gobsmacked by this I wanted to share -
and warn people that Pingdom may not be keeping up with the times.

-- 
Giles
https://www.gilesorr.com/
gilesorr at gmail.com

