SNMP TLS with USM - is that a possibility

Hi,

I am exploring options of using TLS for SNMP, and I have this silly question. It may not be relevant or as per standard so excuse me for that.

Just wondering if we can have TLS only for encrypted communication over TCP and not use it for authentication, something like HTTPS communication without two-way authentication or mutual TLS.
In that case, authentication would probably be supported using the USM model. I am thinking of this only for scenarios where I don't want to administer and configure trusted certificates between the agent and manager but just want to use TCP-based TLS transport.

Is that a possibility and something that can be done via SNMP4J as a client/agent implementation?

Thank you!

Technically you can use TLS instead of TCP but still use USM. But that is not possible with SNMP4J's TLSTM, because it implements RFC 6353, which enforces some type of authentication based on X500 certificates. Although that can be configured flexibly, it does not allow sending security model 3 (USM) messages.

Thanks for the quick feedback.