[syslog-ng] Disabling SSLv3 with Syslog-NG

Lupo, Joseph Joseph.Lupo at T-Mobile.com
Wed Aug 17 22:13:45 CEST 2016


I made the change as suggested and it is complaining:
source s_net {
network(ip('<our IP>') port(<our port>)
transport("tls")
tls( key-file("/usr/local/etc/hostcert.key")
cert-file("/usr/local/etc/hostcert.pem")
peer_verify(optional-untrusted)
ssl-options(no-sslv2, no-sslv3, no-tlsv1)
)
);
};

I got the following error when I tried to start it:

-bash-4.1$ sudo service sys-ng1 start
syslog-ng service starting.
Error parsing afsocket, syntax error, unexpected LL_IDENTIFIER, expecting ')' in /opt/splunk/usr/local/etc/syslog-ng.conf at line 49, column 9:

        ssl-options(no-sslv2, no-sslv3, no-tlsv1)
        ^^^^^^^^^^^

syslog-ng documentation: http://www.balabit.com/support/documentation/?product=syslog-ng
mailing list: https://lists.balabit.hu/mailman/listinfo/syslog-ng


From: <syslog-ng-bounces at lists.balabit.hu> on behalf of "thejaguar at tutanota.de" <thejaguar at tutanota.de>
Reply-To: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Date: Tuesday, August 16, 2016 at 5:53 PM
To: Joe Lupo <Joseph.Lupo at T-Mobile.com>
Cc: Syslog-ng users' and developers' mailing list <syslog-ng at lists.balabit.hu>
Subject: Re: [syslog-ng] Disabling SSLv3 with Syslog-NG

It's part of the tls options, so

tls( key-file("/usr/local/etc/hostcert.key")
cert-file("/usr/local/etc/hostcert.pem")
peer_verify(optional-untrusted)
ssl-options(no-sslv3,no-tlsv1)
)
);
The Jaguar

16. Aug 2016 12:13 by Joseph.Lupo at T-Mobile.com:
The syslog-ng documentation is very unclear. Where would we put the ssl-options(no-sslv2, no-sslv3, no-tlsv1) entry for disabling sslv2, sslv3 and tlsv1?

The following works for enabling TLS on our host, but I can’t figure out where to insert the ssl-options.

source s_net {
network(ip('<our IP>') port(<our port>)
transport("tls")
tls( key-file("/usr/local/etc/hostcert.key")
cert-file("/usr/local/etc/hostcert.pem")
peer_verify(optional-untrusted))
);
};
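
An added example, not part of the thread and not syslog-ng code: a small Python audit that finds each tls() block in a config and reports which of the three flags discussed above are not set by an ssl-options() nested inside it. The function names, the sample address and the port are assumptions made for illustration.

```python
import re

# Flags the thread wants inside tls(); names are taken from the posted config.
REQUIRED = {"no-sslv2", "no-sslv3", "no-tlsv1"}

def paren_body(text, open_idx):
    """Return the text between the '(' at open_idx and its matching ')'."""
    depth, quote = 0, None
    for i in range(open_idx, len(text)):
        c = text[i]
        if quote:                      # inside a quoted string: ignore parens
            if c == quote:
                quote = None
        elif c in "\"'":
            quote = c
        elif c == "(":
            depth += 1
        elif c == ")":
            depth -= 1
            if depth == 0:
                return text[open_idx + 1:i]
    raise ValueError("unbalanced parentheses in config")

def audit_tls_blocks(conf):
    """Per tls(...) block, list the REQUIRED flags that ssl-options() does not set."""
    conf = re.sub(r"(?m)^\s*#.*$", "", conf)       # drop whole-line comments
    missing = []
    for m in re.finditer(r"\btls\s*\(", conf):     # transport("tls") does not match
        body = paren_body(conf, m.end() - 1)
        flags = set()
        opt = re.search(r"\bssl[-_]options\s*\(", body)
        if opt:
            inner = paren_body(body, opt.end() - 1)
            flags = {f.strip() for f in inner.split(",")}
        missing.append(sorted(REQUIRED - flags))
    return missing

# Constructed sample: the source from the thread with placeholder address and port.
SAMPLE = """
source s_net {
  network(ip('192.0.2.10') port(6514)
    transport("tls")
    tls( key-file("/usr/local/etc/hostcert.key")
         cert-file("/usr/local/etc/hostcert.pem")
         peer_verify(optional-untrusted)
         ssl-options(no-sslv3,no-tlsv1)
    )
  );
};
"""

if __name__ == "__main__":
    print(audit_tls_blocks(SAMPLE))
```

This only inspects the text of the file; whether the installed syslog-ng accepts the option is a separate check, which `syslog-ng --syntax-only` performs against the real parser.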


