its part of tls options so tls( key-file("/usr/local/etc/hostcert.key")cert-file("/usr/local/etc/hostcert.pem") peer_verify(optional-untrusted)ssl-options(no-sslv3,no-tlsv1) ) ); The Jaguar 16. Aug 2016 12:13 by Joseph.Lupo@T-Mobile.com:
The syslog-ng documentation is very unclear. Where would we put the ssl-options(no-sslv2, no-sslv3, no-tlsv1) entry for disabling sslv2, sslv3 and tlsv1?
The following works for enabling TLS on our host, but I can’t figure out where to insert the ssl-options.
source s_net { network(ip('<our IP>') port(<our port>) transport("tls") tls( key-file("/usr/local/etc/hostcert.key") cert-file("/usr/local/etc/hostcert.pem") peer_verify(optional-untrusted)) ); };
Joe Lupo T-Mobile USA Principal Engineer, System Design & Strategy (973) 440-8768
______________________________________________________________________________ Member info: > https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: > http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: > http://www.balabit.com/wiki/syslog-ng-faq