Autossh tunnels + rsyslog for the win.

Cheers,
JB

Original Message
From: [email protected]
Sent: May 24, 2016 7:16 PM
To: [email protected]
Reply-to: [email protected]
Subject: Re: [rsyslog] Setting TLS cipher suite / disabling RC4

On Tue, 24 May 2016, Micah Yoder wrote:

> We have a PCI requirement to disable the RC4 cipher on our rsyslog TLS setup.
> I for the life of me can not find a configuration option to set the cipher
> suite. What am I missing?

Unfortunately, rsyslog's use of gnutls is very basic. It has very few options. If there is anyone who is a guru in this area, we could use a lot of knowledgeable help.

Rsyslog treats the tls config as a black box providing the minimum config items needed to make things work.

It's possible that the library honors environment variables for some of these settings, if so you can work around the limits that way.

Before rsyslog started using gnutls, the work-around was to use stunnel and run the logging traffic through stunnel. This still works.

Patches to improve the control over gnutls would be very much welcome, but the trouble is that there is already far too much confusion over getting it to work, so just adding all the possible config options with good explanations over what's what and when it should be used would only increase the confusion.

Someone who really knows this library could probably identify a smallish subset of the options that we really should support and provide some sort of explanation as to what they mean pretty easily.

Unfortunately this is why so many TLS related questions go unanswered for a while here on the list.

David Lang
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
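The stunnel work-around mentioned in the thread, sketched as an added example (not from the thread or from the rsyslog project): rsyslog speaks plain TCP to a local stunnel, and stunnel carries the traffic over TLS with RC4 excluded from the cipher list. Host names, ports, file paths and service names are assumptions, and `verify = 2` is the older stunnel spelling of peer-certificate checking.

```ini
; ---------------------------------------------------------------
; Sender side: stunnel in client mode (hypothetical file
; /etc/stunnel/rsyslog-client.conf).
; rsyslog forwards plain TCP to the local listener, for example:
;     *.* @@127.0.0.1:5140
; ---------------------------------------------------------------
[rsyslog-out]
client  = yes
accept  = 127.0.0.1:5140
; assumed name of the central log host, standard syslog-over-TLS port
connect = logs.example.com:6514
; OpenSSL cipher-list syntax: strong suites only, RC4 removed
ciphers = HIGH:!RC4:!aNULL:!eNULL:!MD5
; require a server certificate that chains to this CA
CAfile  = /etc/stunnel/ca.pem
verify  = 2

; ---------------------------------------------------------------
; Receiver side: stunnel in server mode (hypothetical file
; /etc/stunnel/rsyslog-server.conf).
; rsyslog's plain TCP input (imtcp) listens on 127.0.0.1:5140 only,
; so the unencrypted hop never leaves the host.
; ---------------------------------------------------------------
[rsyslog-in]
accept  = 6514
connect = 127.0.0.1:5140
cert    = /etc/stunnel/server.pem
key     = /etc/stunnel/server.key
; same restriction on the listening side, which is the one a PCI scan sees
ciphers = HIGH:!RC4:!aNULL:!eNULL:!MD5
```

To confirm the restriction, offer only RC4 from a test client, for example `openssl s_client -connect logs.example.com:6514 -cipher RC4-SHA`, and check that the handshake is refused.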

