[syslog-ng] Enable TLS encryption
Szalai, Attila
Attila.Szalai at morganstanley.com
Thu Jan 5 10:04:40 UTC 2017
Hi, Sorry, to “reopen” an old thread, but theoretically syslog-ng would be able to use tls with udp connections.
This is called DTLS and defined in rfc4347. And openssl also support it. (But that is right, that syslog-ng currently does no support it.)
From: syslog-ng [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Scheidler, Balázs
Sent: Tuesday, November 22, 2016 8:22 PM
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] Enable TLS encryption
Your conclusion is correct. It cannot.
On Nov 22, 2016 5:23 PM, "PÁSZTOR György" <pasztor at linux.gyakg.u-szeged.hu<mailto:pasztor at linux.gyakg.u-szeged.hu>> wrote:
Hi,
"Scheidler, Balázs" <balazs.scheidler at balabit.com<mailto:balazs.scheidler at balabit.com>> írta 2016-11-22 17:38-kor:
> Thats a completely different matter, OpenVPN has its own tcp-like substrate
> running on top of UDP, and not TLS running on UDP.
Ah. So, that is openvpn specific?
I didn't dig into the code. I thought openssl has it's own layer to
establish a "connection" even over udp.
So the conclusion is that, syslog-ng can not run tls over udp?
Cheers,
Gyu
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
________________________________
NOTICE: Morgan Stanley is not acting as a municipal advisor and the opinions or views contained herein are not intended to be, and do not constitute, advice within the meaning of Section 975 of the Dodd-Frank Wall Street Reform and Consumer Protection Act. If you have received this communication in error, please destroy all electronic and paper copies and notify the sender immediately. Mistransmission is not intended to waive confidentiality or privilege. Morgan Stanley reserves the right, to the extent permitted under applicable law, to monitor electronic communications. This message is subject to terms available at the following link: http://www.morganstanley.com/disclaimers If you cannot access these links, please notify us by reply message and we will send the contents to you. By communicating with Morgan Stanley you consent to the foregoing and to the voice recording of conversations with personnel of Morgan Stanley.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.balabit.hu/pipermail/syslog-ng/attachments/20170105/3f809ba2/attachment.html>
More information about the syslog-ng
mailing list