[syslog-ng] Disabling SSLv3 with Syslog-NG
Lupo, Joseph
Joseph.Lupo at T-Mobile.com
Wed Aug 17 22:13:45 CEST 2016
I made the change as suggested and it is complaining:
source s_net {
network(ip('<our IP>') port(<our port>)
transport("tls")
tls( key-file("/usr/local/etc/hostcert.key")
cert-file("/usr/local/etc/hostcert.pem")
peer_verify(optional-untrusted)
ssl-options(no-sslv2, no-sslv3, no-tlsv1)
)
);
};
I got the following error when I tried to start it:
-bash-4.1$ sudo service sys-ng1 start
syslog-ng service starting.
Error parsing afsocket, syntax error, unexpected LL_IDENTIFIER, expecting ')' in /opt/splunk/usr/local/etc/syslog-ng.conf at line 49, column 9:
ssl-options(no-sslv2, no-sslv3, no-tlsv1)
^^^^^^^^^^^
syslog-ng documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
mailing list: https://lists.balabit.hu/mailman/listinfo/syslog-ng
From: <syslog-ng-bounces at lists.balabit.hu> on behalf of "thejaguar at tutanota.de" <thejaguar at tutanota.de>
Reply-To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Date: Tuesday, August 16, 2016 at 5:53 PM
To: Joe Lupo <Joseph.Lupo at T-Mobile.com>
Cc: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] Disabling SSLv3 with Syslog-NG
its part of tls options so
tls( key-file("/usr/local/etc/hostcert.key")
cert-file("/usr/local/etc/hostcert.pem")
peer_verify(optional-untrusted)
ssl-options(no-sslv3,no-tlsv1)
)
);
The Jaguar
16. Aug 2016 12:13 by Joseph.Lupo at T-Mobile.com<mailto:Joseph.Lupo at T-Mobile.com>:
The syslog-ng documentation is very unclear. Where would we put the ssl-options(no-sslv2, no-sslv3, no-tlsv1) entry for disabling sslv2, sslv3 and tlsv1?
The following works for enabling TLS on our host, but I can’t figure out where to insert the ssl-options.
source s_net {
network(ip('<our IP>') port(<our port>)
transport("tls")
tls( key-file("/usr/local/etc/hostcert.key")
cert-file("/usr/local/etc/hostcert.pem")
peer_verify(optional-untrusted))
);
};
______________________________________________________________________________
Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng
Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
FAQ: http://www.balabit.com/wiki/syslog-ng-faq
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.balabit.hu/pipermail/syslog-ng/attachments/20160817/d00c321b/attachment.htm
More information about the syslog-ng
mailing list