Thx - could you open an issue tracker at github? Sent from phone, thus brief. Am 19.03.2015 11:29 schrieb "[email protected]" <[email protected]>:
> On Thu, 5 Mar 2015 16:49:03 +0100 > Rainer Gerhards <[email protected]> wrote: > > > 2015-03-05 11:42 GMT+01:00 [email protected] > > <[email protected]>: > > > > > Hello, > > > > > > Does rsyslog support FIPS mode when doing secure remote > > > syslogging ? GnuTLS can be put into FIPS mode although the > > > application itself should not try to use non-FIPS approved > > > algorithms. Is there such an option for rsyslog ? > > > > > > > > I don't think so, but if you provide details on how to do that, it can > > probably be quickly added. If I need to research, it will take waaaay > > longer. > > Hello, > > It basically consists of restricting to the ciphers available in GnuTLS > while GnuTLS runs in FIPS mode. GnuTLS can output the list of > available ciphers. This is the list below (also in gzip, attached, in > case of formatting problems). > > TLS_ECDHE_ECDSA_AES_128_GCM_SHA256 > TLS_ECDHE_ECDSA_AES_256_GCM_SHA384 > TLS_ECDHE_ECDSA_AES_128_CBC_SHA1 > TLS_ECDHE_ECDSA_AES_128_CBC_SHA256 > TLS_ECDHE_ECDSA_AES_256_CBC_SHA1 > TLS_ECDHE_ECDSA_AES_256_CBC_SHA384 > TLS_ECDHE_ECDSA_3DES_EDE_CBC_SHA1 > TLS_ECDHE_RSA_AES_128_GCM_SHA256 > TLS_ECDHE_RSA_AES_256_GCM_SHA384 > TLS_ECDHE_RSA_AES_128_CBC_SHA1 > TLS_ECDHE_RSA_AES_128_CBC_SHA256 > TLS_ECDHE_RSA_AES_256_CBC_SHA1 > TLS_ECDHE_RSA_AES_256_CBC_SHA384 > TLS_ECDHE_RSA_3DES_EDE_CBC_SHA1 > TLS_RSA_AES_128_GCM_SHA256 > TLS_RSA_AES_256_GCM_SHA384 > TLS_RSA_AES_128_CBC_SHA1 > TLS_RSA_AES_128_CBC_SHA256 > TLS_RSA_AES_256_CBC_SHA1 > TLS_RSA_AES_256_CBC_SHA256 > TLS_RSA_3DES_EDE_CBC_SHA1 > TLS_DHE_RSA_AES_128_GCM_SHA256 > TLS_DHE_RSA_AES_256_GCM_SHA384 > TLS_DHE_RSA_AES_128_CBC_SHA1 > TLS_DHE_RSA_AES_128_CBC_SHA256 > TLS_DHE_RSA_AES_256_CBC_SHA1 > TLS_DHE_RSA_AES_256_CBC_SHA256 > TLS_DHE_RSA_3DES_EDE_CBC_SHA1 > TLS_DHE_DSS_AES_128_GCM_SHA256 > TLS_DHE_DSS_AES_256_GCM_SHA384 > TLS_DHE_DSS_AES_128_CBC_SHA1 > TLS_DHE_DSS_AES_128_CBC_SHA256 > TLS_DHE_DSS_AES_256_CBC_SHA1 > TLS_DHE_DSS_AES_256_CBC_SHA256 > TLS_DHE_DSS_3DES_EDE_CBC_SHA1 > > Certificate types: CTYPE-X.509 > > Protocols: VERS-TLS1.2, VERS-TLS1.1, VERS-TLS1.0, VERS-SSL3.0, > VERS-DTLS1.2, VERS-DTLS1.0 > > Compression: COMP-NULL > > Elliptic curves: CURVE-SECP256R1, CURVE-SECP384R1, CURVE-SECP521R1, > CURVE-SECP224R1, CURVE-SECP192R1 > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
