Hi Raghu,
Currently we are not sending the SNI extension in the Client Hello message. However, I made a PR to implement this: https://github.com/balabit/syslog-ng/pull/2930
Can you build syslog-ng from source? It would be great if you tested the PR.
Best regards,
Attila
From: syslog-ng <syslog-ng-bounces@lists.balabit.hu> on behalf of Raghunath Adhyapak <funduraghu@gmail.com>
Sent: Tuesday, September 17, 2019 9:05 AM
To: syslog-ng@lists.balabit.hu <syslog-ng@lists.balabit.hu>
Subject: [syslog-ng] Enable SNI (Server Name Identification) in TLS connection
Hi,
I am using TLS over TCP connection to forward my syslog events to a remote server.
My remote server uses SNI (Server Name Identification) to route connections/events to one of the available backend servers.
I observe that syslog-ng doesn't send SNI during TLS handshake.
How can I enable it?
My configuration is as follows:
===================================
source s_net { syslog(transport(udp) port(1514)); };
destination d_tcp {
    tcp(
        port(96)
        tls(
            peer-verify(required-untrusted)
            ca_dir("/etc/syslog-ng/ssl")
            key-file("/etc/syslog-ng/ssl/globaltest/XX.example.net.key.pem")
            cert-file("/etc/syslog-ng/ssl/globaltest/XX.example.net.cert.pem")
        )
    );
};
log { source(s_net); destination(d_tcp); };
===================================
I want syslog-ng to send XX.example.net as SNI to my remote server.
Please advise.
Thanks
Raghu