Which version of syslog-ng supports TLS1.2?
We are using syslog-ng 3.2.5 and I am trying to figure out how to configure it to use TLS1.2 rather than TLS1.1. It is working for TLS1.1 but not for connections using TLS1.2. This is a snippet from our config file:

    source s_waf {
        tcp(ip(xx.xx.xx.xx) port(xxxx)
            tls(
                key_file("/opt/syslog-ng/etc/certs/mux/privateKey.key")
                cert_file("/opt/syslog-ng/etc/certs/mux/splcollect-01.pem"))
        );
    };

What versions of syslog-ng support TLS1.2? The version we are using was the latest RH rpm I could find: syslog-ng-3.2.5-4.el6.x86_64.rpm. I would rather not compile it, as it looks like most of the dependencies are also not rpms.

Mark Mulligan
Assoc Systems Engineer
LL Bean Inc.
Ext 25077 Cell 249-3823
Hi,

"Mark Mulligan" <MMulligan@llbean.com> wrote on 2016-08-24 at 15:57:
> We are using syslog-ng 3.2.5 and I am trying to figure out how to configure it to use TLS1.2 rather than TLS1.1.
> It is working for TLS1.1 but not for connections using TLS1.2. This is a snippet from our config file.
How did you conclude that? What is the underlying openssl lib's version number? As far as I remember, without any extra config / modification, it uses what the underlying lib uses, and that agrees on the latest protocol that both sides support.

Later syslog-ng versions just bring in a new extra option, to set ssl flags, specifically for disabling specific ssl versions. That is the ssl-options which appeared in syslog-ng 3.7 (?), and was later backported to the 3.6 line. There was also some discussion here about this topic, just some days ago.

Cheers,
Gyu
Hi,

You can find newer rpm packages at https://copr.fedorainfracloud.org/coprs/czanik/

Regards,
Robert

On Wed, Aug 24, 2016 at 6:33 PM, PÁSZTOR György <pasztor@linux.gyakg.u-szeged.hu> wrote:
> Hi,
>
> "Mark Mulligan" <MMulligan@llbean.com> wrote on 2016-08-24 at 15:57:
> > We are using syslog-ng 3.2.5 and I am trying to figure out how to configure it to use TLS1.2 rather than TLS1.1.
> > It is working for TLS1.1 but not for connections using TLS1.2. This is a snippet from our config file.
>
> How did you conclude that? What is the underlying openssl lib's version number? As far as I remember, without any extra config / modification, it uses what the underlying lib uses, and that agrees on the latest protocol that both sides support.
>
> Later syslog-ng versions just bring in a new extra option, to set ssl flags, specifically for disabling specific ssl versions. That is the ssl-options which appeared in syslog-ng 3.7 (?), and was later backported to the 3.6 line. There was also some discussion here about this topic, just some days ago.
>
> Cheers,
> Gyu
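The two checks raised in the reply above (the OpenSSL library version, and whether the syslog-ng release has ssl-options()), as an added example that is not from any poster in this thread. The function names and the sample version strings are constructed for illustration; the 1.0.1 threshold is the OpenSSL release that introduced TLS 1.1/1.2, and the 3.7 / 3.6-backport boundary is taken from the reply as stated there.

```sh
#!/bin/sh
# Added example: decide from version strings alone whether TLS 1.2 can be
# negotiated and whether ssl-options() is usable.
# Assumption: the `openssl` binary reports the same library version that
# syslog-ng is linked against (a bundled build may differ).

# numeric_part "1.0.1e-fips" -> "1.0.1"
numeric_part() { printf '%s\n' "$1" | sed 's/^\([0-9][0-9.]*\).*/\1/; s/\.$//'; }

# ver_ge A B: exit 0 when dotted version A >= B (first three fields compared).
ver_ge() {
    a="$(numeric_part "$1").0.0"; b="$(numeric_part "$2").0.0"
    for i in 1 2 3; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
    done
    return 0
}

# $1 = one line of `openssl version` output. TLS 1.1/1.2 need OpenSSL >= 1.0.1.
openssl_has_tls12() {
    v=$(printf '%s\n' "$1" | awk '{print $2}')
    ver_ge "$v" 1.0.1
}

# $1 = syslog-ng version. Prints yes (>= 3.7), backport (3.6.x: check the
# build, the thread does not say which 3.6 release got it), or no.
ssl_options_support() {
    if ver_ge "$1" 3.7; then echo yes
    elif ver_ge "$1" 3.6; then echo backport
    else echo no
    fi
}

# Combine both checks into one verdict line.
assess() {
    if openssl_has_tls12 "$1"; then lib="TLS 1.2 available in OpenSSL"
    else lib="OpenSSL too old for TLS 1.2"
    fi
    echo "$lib; ssl-options(): $(ssl_options_support "$2")"
}

# Constructed sample inputs; on a real host pass "$(openssl version)" and the
# version printed by `syslog-ng --version`.
assess "OpenSSL 1.0.0-fips 29 Mar 2010" 3.2.5
assess "OpenSSL 1.0.1e-fips 11 Feb 2013" 3.7.1
```

To confirm what a running listener actually negotiates, `openssl s_client -connect HOST:PORT -tls1_2` from a client with OpenSSL 1.0.1 or later shows whether a TLS 1.2 handshake completes (HOST and PORT are placeholders).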
participants (3)
- Fekete, Róbert
- Mark Mulligan
- PÁSZTOR György