On Wed, 1 Apr 2015 17:12:36 -0700 (PDT) David Lang <[email protected]> wrote:
> Rsyslog doesn't have a lot of options for configuring gnutls, so it's
> whatever the default is for gnutls
>
> see
> http://www.rsyslog.com/doc/v8-stable/tutorials/tls_cert_summary.html

Thanks.

I'm asking since I created issue #274 "FIPS mode".

FIPS mode requires that only a certified set of ciphers and algorithms are used. GnuTLS, as well as OpenSSL and NSS, are supporting this. In some cases though, the application using those restricted libraries must also be aware of the same restrictions. For one, OpenSSL will squarely abort if asked to use a non-FIPS cipher while in FIPS mode. GnuTLS will not process the request.

In turn it might mean that *if* rsyslog does not impose any ciphers and algorithms, then there would be no need to have a FIPS-compatible rsyslog, the restrictions being solely on the GnuTLS operating mode.

The X.509 certificates used by rsyslog are within FIPS. Are there any other certificate type choices in rsyslog?

Do you think that in this circumstance, having a FIPS-compatible rsyslog would not be needed?

Regards.

_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog

