On Tue, Aug 16, 2016 at 11:53 PM, <thejaguar@tutanota.de> wrote:

its part of tls options so

tls( key-file("/usr/local/etc/hostcert.key")
cert-file("/usr/local/etc/hostcert.pem")
peer_verify(optional-untrusted)
ssl-options(no-sslv3,no-tlsv1)
)
);
The Jaguar

16. Aug 2016 12:13 by Joseph.Lupo@T-Mobile.com:

The syslog-ng documentation is very unclear. Where would we put the ssl-options(no-sslv2, no-sslv3, no-tlsv1) entry for disabling sslv2, sslv3 and tlsv1?

The following works for enabling TLS on our host, but I can’t figure out where to insert the ssl-options.

source s_net {
network(ip('<our IP>') port(<our port>)
transport("tls")
tls( key-file("/usr/local/etc/hostcert.key")
cert-file("/usr/local/etc/hostcert.pem")
peer_verify(optional-untrusted))
);
};

Joe Lupo
T-Mobile USA
Principal Engineer, System Design & Strategy
(973) 440-8768

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq

______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq