
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">

<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>

</head>

<body dir="ltr">

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">

To the other question: It will be merged on the master branch probably in a week.</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">

<br>

</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);">

Attila</div>

<div id="appendonsend"></div>

<hr style="display:inline-block;width:98%" tabindex="-1">

<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Attila Szakacs (aszakacs) <Attila.Szakacs@oneidentity.com><br>

<b>Sent:</b> Wednesday, September 18, 2019 1:28 PM<br>

<b>To:</b> Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu><br>

<b>Subject:</b> Re: [syslog-ng] Enable SNI (Server Name Identification) in TLS connection</font>

<div> </div>

</div>

<style type="text/css" style="display:none">

<!--

p

        {margin-top:0;

        margin-bottom:0}

-->

</style>

<div dir="ltr">

<div style="background-color:#FFEB9C; width:100%; border-style:solid; border-color:#9C6500; border-width:1pt; padding:2pt; font-size:10pt; line-height:12pt; font-family:'Calibri'; color:Black; text-align:left">

<span style="color:#9C6500; font-weight:bold">CAUTION:</span> This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.</div>

<br>

<div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

Hi Raghu,</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

<br>

</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

You are welcome! Thanks for the good idea.</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

If everything goes well, this feature will be released in version 3.24, in 3-4 weeks.</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

The packaging happens at the same time, you will find the 3.24 installer at <a href="https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdownload.opensuse.org%2Frepositories%2Fhome%3A%2Flaszlo_budai%3A%2Fsyslog-ng%2F&data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C9a139415a6fc4def5c9208d73c2b528e%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637044029090791204&sdata=H%2BQFpJOnTdhGOgMiXXimyDRJRsJMs3ABr3MNdUZ0h%2BY%3D&reserved=0" originalsrc="https://download.opensuse.org/repositories/home:/laszlo_budai:/syslog-ng/" shash="hWMSbpExt7AUiWdeVKSgloulBTYym84z1hYcDzOufZvzu5Bo/9o4KdxJLinlx2zbwueoSkxdJrPsC8btN+HgGZzOIRrN5vrbjIo2QBYlRMWryjjFk4DewT1a/h+pBA2BfVq610diUikdqJ8g0G/PaAVd+RqjjBsAa0lF732Ww7g=" style="">https://download.opensuse.org/repositories/home:/laszlo_budai:/syslog-ng/</a></div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

<br>

</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

Best regards,</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

Attila</div>

<div id="x_appendonsend"></div>

<hr tabindex="-1" style="display:inline-block; width:98%">

<div id="x_divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Raghunath Adhyapak <funduraghu@gmail.com><br>

<b>Sent:</b> Wednesday, September 18, 2019 12:50 PM<br>

<b>To:</b> Syslog-ng users' and developers' mailing list <syslog-ng@lists.balabit.hu><br>

<b>Subject:</b> Re: [syslog-ng] Enable SNI (Server Name Identification) in TLS connection</font>

<div> </div>

</div>

<div>

<div style="background-color:#FFEB9C; width:100%; border-style:solid; border-color:#9C6500; border-width:1pt; padding:2pt; font-size:10pt; line-height:12pt; font-family:'Calibri'; color:Black; text-align:left">

<span style="color:#9C6500; font-weight:bold">CAUTION:</span> This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.</div>

<br>

<div>

<div dir="ltr">Hi Atilla,

<div><br>

</div>

<div>I updated the code, compiled it and tested the changes.</div>

<div>The changes works as expected.</div>

<div>Thanks for the addressing the issue in such a short time.</div>

<div><br>

</div>

<div>Follow-up question:</div>

<div>When will this change get merged into the master branch?</div>

<div>Also, when will this get packaged in Debian package?</div>

<div><br>

</div>

<div>Thanks</div>

<div>Raghu</div>

</div>

<br>

<div class="x_x_gmail_quote">

<div dir="ltr" class="x_x_gmail_attr">On Tue, Sep 17, 2019 at 4:27 PM Attila Szakacs (aszakacs) <<a href="mailto:Attila.Szakacs@oneidentity.com">Attila.Szakacs@oneidentity.com</a>> wrote:<br>

</div>

<blockquote class="x_x_gmail_quote" style="margin:0px 0px 0px 0.8ex; border-left-width:1px; border-left-style:solid; border-left-color:rgb(204,204,204); padding-left:1ex">

<div dir="ltr">

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

Hi Raghu,</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

<br>

</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

Currently we are not sending SNI extension in the Client Hello message.</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

However, I made a PR to implement this: <a href="https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Fbalabit%2Fsyslog-ng%2Fpull%2F2930&data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C9a139415a6fc4def5c9208d73c2b528e%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637044029090801199&sdata=qiNjqj135bbtxUw1tnMaMMhhvYT2fpdfbOWXMV64Mts%3D&reserved=0" originalsrc="https://github.com/balabit/syslog-ng/pull/2930" shash="SZrj27uuQTJmJcJN1S2VnDhRhO+2LH9IIJ5ylW58ZDrZUYR0w/3gZ+8r228O71pa9/aiinPFltpq+VNWIm3pe/rzdQ3RRjKoIq9sq3br1HTucwPMYltmUvI1jQyXyrfNnPRo4XFTrW89+iVYu1qtDnpwgqO5QdT3/YwSy33VIxw=" originalsrc="https://github.com/balabit/syslog-ng/pull/2930" shash="ZhIbSqT8372eq7OuiCg9gRiqDcGwAei+9HIjctPQbQ1wthmKeZpcpQ5i2q+4geiw5BcZCbHA+t3W0lxPumLHMn5h0y/vubtOS5Boc7BjUBxCJx45paPgtdcfNhZuNzWi1r9sAXXH8YZudvGam7F6z0euGl8mwYRsXb/9v+lgaaY=" target="_blank">https://github.com/balabit/syslog-ng/pull/2930</a></div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

<br>

</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

Can you build syslog-ng from source? It would be great, if you tested the PR.</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

<br>

</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

Best regards,</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0); background-color:rgb(255,255,255)">

Attila</div>

<div id="x_x_gmail-m_2697251644428849068appendonsend"></div>

<hr style="display:inline-block; width:98%">

<div id="x_x_gmail-m_2697251644428849068divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> syslog-ng <<a href="mailto:syslog-ng-bounces@lists.balabit.hu" target="_blank">syslog-ng-bounces@lists.balabit.hu</a>>

 on behalf of Raghunath Adhyapak <<a href="mailto:funduraghu@gmail.com" target="_blank">funduraghu@gmail.com</a>><br>

<b>Sent:</b> Tuesday, September 17, 2019 9:05 AM<br>

<b>To:</b> <a href="mailto:syslog-ng@lists.balabit.hu" target="_blank">syslog-ng@lists.balabit.hu</a> <<a href="mailto:syslog-ng@lists.balabit.hu" target="_blank">syslog-ng@lists.balabit.hu</a>><br>

<b>Subject:</b> [syslog-ng] Enable SNI (Server Name Identification) in TLS connection</font>

<div> </div>

</div>

<div>

<div style="background-color:rgb(255,235,156); width:100%; border:1pt solid rgb(156,101,0); padding:2pt; font-size:10pt; line-height:12pt; font-family:Calibri; color:black; text-align:left">

<span style="color:rgb(156,101,0); font-weight:bold">CAUTION:</span> This email originated from outside of the organization. Do not follow guidance, click links, or open attachments unless you recognize the sender and know the content is safe.</div>

<br>

<div>

<div dir="ltr">

<div dir="ltr">

<div dir="ltr">

<div dir="ltr">

<div dir="ltr">Hi,

<div><br>

</div>

<div>I am using TLS over TCP connection to forward my syslog events to a remote server.</div>

<div>My remote server uses SNI (Server Name Identification) to route connections/events to one of the available backend servers.</div>

<div><br>

</div>

<div>I observe that syslog-ng doesn't send SNI during TLS handshake.</div>

<div><br>

</div>

<div>How can I enable it?</div>

<div><br>

</div>

<div>My configuration is as follows:</div>

<div><br>

</div>

<div><span style="color:rgb(0,0,0); font-size:medium">===================================</span><br>

</div>

<div>source s_net { syslog(transport(udp) port(1514)); };<br>

</div>

<div>

<div>destination d_tcp {</div>

<div>        tcp(</div>

<div>                "<a href="https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2FXX.example.net&data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C9a139415a6fc4def5c9208d73c2b528e%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637044029090801199&sdata=kKc2XxSr%2FnS%2BbFmSCXXqka9t17oLsCrDmViLjQdQfQI%3D&reserved=0" originalsrc="http://XX.example.net" shash="xOFUo7zlzYCWiN21crsuWBz9RULdErMiFqoTK/B/Wv3CmoSxniUDfBCC61HyyN8yK1h3y12qtxFuFhJ3BzxrLBOvF0g/XVSEfNIPx5AzbmSXPqZLVAiCtnfSiZAf0LrRhpDQhDfC9OW9F0Q13U1asuhO1o9PoZnlbGyDqM1Bd2Q=" originalsrc="http://XX.example.net" shash="TLxZ/XnKNs/U8IfCvPZPvPSXkudECkmcZMwnz3OoxJpd/lqqDwJpI2BzI5RQYZnqGgePGyYxfDtmKmQfj10CU1yVavtdFBePc/RnVoI9eYpYwTwnlnci62sc9M8ShfqlVpaCVu5dnY8Y2aaZxO/BD2BvSozUmUnwq3nlVCCH0f0=" target="_blank">XX.example.net</a>"</div>

<div>                port(96)</div>

<div>                tls(</div>

<div>                        peer-verify(required-untrusted)</div>

<div>                        ca_dir("/etc/syslog-ng/ssl")</div>

<div>                        key-file("/etc/syslog-ng/ssl/globaltest/XX.example.net.key.pem")</div>

<div>                        cert-file("/etc/syslog-ng/ssl/globaltest/XX.example.net.cert.pem")</div>

<div>                  )</div>

<div>        );</div>

<div>};</div>

</div>

<div>

<div>log {</div>

<div>        source(s_net);</div>

<div>        destination(d_tcp);</div>

<div>};</div>

</div>

<div>===================================</div>

<div><br>

</div>

<div>I want syslog-ng to send <a href="https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2FXX.example.net&data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C9a139415a6fc4def5c9208d73c2b528e%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637044029090811194&sdata=OMGWyTrbUz5J40CVui56wWoLSzbSQXj7EcWzQGNDKQc%3D&reserved=0" originalsrc="http://XX.example.net" shash="xAS4CXmTV0I/mT4cIvCroiez+gpVVvt+npZ2gt7oP4FFZ7EymQ/lhaWNPRktYs4JuQbXtPfWeJnk0PhmXaotWY90tzYgVDciUUGott5C36MA51XiTgpMzSGBYrFK3JaOhoB0xEGo78KJLvH15W0fkSMoshE6LAN95eAki5QBtp0=" originalsrc="http://XX.example.net" shash="TLxZ/XnKNs/U8IfCvPZPvPSXkudECkmcZMwnz3OoxJpd/lqqDwJpI2BzI5RQYZnqGgePGyYxfDtmKmQfj10CU1yVavtdFBePc/RnVoI9eYpYwTwnlnci62sc9M8ShfqlVpaCVu5dnY8Y2aaZxO/BD2BvSozUmUnwq3nlVCCH0f0=" target="_blank">

XX.example.net</a> as SNI to my remote server</div>

<div><br>

</div>

<div>Please advise</div>

<div><br>

</div>

<div>Thanks</div>

<div>Raghu</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

</div>

______________________________________________________________________________<br>

Member info: <a href="https://nam05.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.balabit.hu%2Fmailman%2Flistinfo%2Fsyslog-ng&data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C9a139415a6fc4def5c9208d73c2b528e%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637044029090821195&sdata=bYI0oeeeoLjifgXSlm8%2BUfaAMEk%2FPuOqo966%2FaOCRMI%3D&reserved=0" originalsrc="https://lists.balabit.hu/mailman/listinfo/syslog-ng" shash="vNWGbVUuG8UAY+cr1q9pt+96tRNkw7hx1Q6jQGOoAyC8UN+GVU2gQ+PD5GpdWuLqqHdBhefD7rDwQayAPeT31Y+fk8526c63g44jxNUUL7MO60Ysykb/mr2BU3b+PE3/XU0mfYqblMOSiYza/wMoG9asNAMSRId+sqH88b8hK18=" originalsrc="https://lists.balabit.hu/mailman/listinfo/syslog-ng" shash="YRey3N5OO1PpBwwgK3i2Vm6xa9hFLGka971MMrNv4nXWG4DyCy54WCtSclVYII2w/mgbdIfNy2F+xTYcJzZxZfqjtDUxS+cpdMm1aVNkx7jDEuNo3nT0szLvNEvmbgCEKnY78wdbaP0X51/clv7ZwCUB9xYdI257/CKbb5rrb38=" rel="noreferrer">

https://lists.balabit.hu/mailman/listinfo/syslog-ng</a><br>

Documentation: <a href="https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fsupport%2Fdocumentation%2F%3Fproduct%3Dsyslog-ng&data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C9a139415a6fc4def5c9208d73c2b528e%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637044029090821195&sdata=ZJda2Cox1NHyYkmtThHPC0nu6HIdQ9LK7oJqDXHb4CM%3D&reserved=0" originalsrc="http://www.balabit.com/support/documentation/?product=syslog-ng" shash="Bgrx+mV299YyobOk5wBibcknjajG5b6jg7TS3CDdmeRORfUkGovokzr6ElVVROEtr8xYoVVruE+6OpohDT2b4vxpV4dLR2OUA6MKMQNiXlmmTVHwE6XAoodV5NDazExxj7kcJrE7NmUvyM8EoUfdhhgQdHCDDm35DdrlngfsAPw=" originalsrc="http://www.balabit.com/support/documentation/?product=syslog-ng" shash="eM/a6+R+5LgpPlrr2M0n4n29/CUoe6I8tqtWl+KCKt0a3g/dBY/EAWE1HAvxyrZaTzSqanWLyBkvLlf3wQqOZTIeM4iVJPU8sehjqOoac5jiWfsVZtg/VKozAdDo19Yxue7wfth9OS+jEWigGivac2atcBn/EDD/dX+kkj0TxLE=" rel="noreferrer">

http://www.balabit.com/support/documentation/?product=syslog-ng</a><br>

FAQ: <a href="https://nam05.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.balabit.com%2Fwiki%2Fsyslog-ng-faq&data=02%7C01%7CAttila.Szakacs%40oneidentity.com%7C9a139415a6fc4def5c9208d73c2b528e%7C91c369b51c9e439c989c1867ec606603%7C0%7C0%7C637044029090831186&sdata=yVv8HfegV4%2B0g1U2XAsWXRc1CxRVEJ7chniTvJdizMU%3D&reserved=0" originalsrc="http://www.balabit.com/wiki/syslog-ng-faq" shash="W6wd4N9IduQWaZNFaE5AqrkiSWLKPRyhkbZxlkbBq5A5d2gJPvEcR5G8KMo2PjkseTFmX2ni1twWqELWB6MYcgSRD4Q8Eu9mNeNLvJo9VixuqlFYuvyW2UDKqXWzNKh68XKmapdNFTHRXPZLfxUM7+USdDjR0YcCurhpH7AhuME=" originalsrc="http://www.balabit.com/wiki/syslog-ng-faq" shash="nLdEfBhT3aMAO77r6VDAjphmpH6BI+DuqjSJZLeZNH6/OKVLafGgwnW3EqfqCTsHJRyCyc4H4L25b763rutdPNVSoSjlQSE/yZrLCnUou7nFX4hN7Ne3/S3o47NTK8D9tH2PARu4xvQ7n+d5Lg84heYDLToHv9C86cg5Hay5zP8=" rel="noreferrer" target="_blank">

http://www.balabit.com/wiki/syslog-ng-faq</a><br>

<br>

</blockquote>

</div>

</div>

</div>

</div>

</div>

</body>

</html>