[syslog-ng] How can I disable SSLv3 in syslog-ng 3.3.2 client config to solve CVE-2014-3566 (SSLv3 Fallback Vulnerability)?

bluebenben bluebenben at 163.com
Wed Oct 29 02:16:25 CET 2014


Hi guys

In my project I am using syslog-ng as a syslog client and sending logs via TLS.
We all know that recently there is a new security flaw, Poodle (CVE-2014-3566 - SSLv3 Fallback Vulnerability).
This requires disabling SSLv3.
I have checked the admin guide of syslog-ng 3.3.2 but I am able to find the option.
Could you please let me know the way?

Alternatively, I think I may achieve the objective by disabling the SSLv3 ciphers used by the syslog-ng client.
The original ciphers used by us are
ALL:!SSLv2:!MEDIUM:!LOW:!EXP:!ADH:!ECDH:!PSK:!MD5:@STRENGTH
I may change it to
ALL:!SSLv3:!SSLv2:!MEDIUM:!LOW:!EXP:!ADH:!ECDH:!PSK:!MD5:@STRENGTH
But this will make syslog-ng only support TLS1.2 and cause a negative impact on interoperability.

Thanks

Jason
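
The trade-off raised in the message above can be checked locally. The following is an added example, not part of the original post and not syslog-ng code: it uses Python's ssl module as a probe of the local OpenSSL library, on the assumption that the cipher strings are handed to OpenSSL unchanged. The exact suite names depend on the OpenSSL build.

```python
import ssl

# Cipher strings quoted in the post above.
ORIGINAL = "ALL:!SSLv2:!MEDIUM:!LOW:!EXP:!ADH:!ECDH:!PSK:!MD5:@STRENGTH"
PROPOSED = "ALL:!SSLv3:!SSLv2:!MEDIUM:!LOW:!EXP:!ADH:!ECDH:!PSK:!MD5:@STRENGTH"


def suites(cipher_string):
    """Return {suite name: protocol label} that OpenSSL selects for the string.

    The label is the protocol version that first defined the suite, not the
    version a connection would negotiate.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return {c["name"]: c["protocol"] for c in ctx.get_ciphers()}


def dropped_by_proposed():
    """Suites present with ORIGINAL but removed once !SSLv3 is added."""
    before, after = suites(ORIGINAL), suites(PROPOSED)
    return {name: proto for name, proto in before.items() if name not in after}


def protocol_level_disable():
    """Refuse the SSLv3 protocol itself and leave the suite list alone.

    A PROTOCOL_TLS_CLIENT context has OP_NO_SSLv3 set by default, so the
    handshake never offers SSLv3 while every ORIGINAL suite stays available
    to TLS 1.0 and later.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(ORIGINAL)
    sslv3_refused = bool(ctx.options & ssl.OP_NO_SSLv3)
    return sslv3_refused, {c["name"] for c in ctx.get_ciphers()}


if __name__ == "__main__":
    print(ssl.OPENSSL_VERSION)
    for name, proto in sorted(dropped_by_proposed().items()):
        print(f"removed by !SSLv3: {name} (defined in {proto})")
    remaining = sorted(set(suites(PROPOSED).values()))
    print("labels left after !SSLv3:", remaining)
    refused, names = protocol_level_disable()
    print(f"OP_NO_SSLv3 set: {refused}, suites kept: {len(names)}")
```

The suites that !SSLv3 removes are the ones TLS 1.0 and TLS 1.1 peers also rely on, which is the interoperability cost described in the message; turning off the protocol version leaves them in place.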