[syslog-ng] Disabling SSLv3 with Syslog-NG

[Lupo, Joseph]

The syslog-ng documentation is very unclear.  Where would we put the ssl-options(no-sslv2, no-sslv3, no-tlsv1) entry for disabling sslv2, sslv3 and tlsv1?

The following works for enabling TLS on our host, but I can’t figure out where to insert the ssl-options.

source s_net {
network(ip('<our IP>') port(<our port>)
        transport("tls")
        tls( key-file("/usr/local/etc/hostcert.key")
        cert-file("/usr/local/etc/hostcert.pem")
        peer_verify(optional-untrusted))
    );
};

Joe Lupo
T-Mobile USA
Principal Engineer, System Design & Strategy
(973) 440-8768