Hi, thank you for the information. This is a bug. At the moment priorityString is only set when rsyslog acts as the client, but not when it acts as the server. Therefore it is always using sslv3.0 regardless what you configure.
I will try to fix this. 2017-08-15 20:40 GMT+02:00 Ryan Ward <ryan.w...@gliacelltechnologies.com>: > Hi I'm interested in the gnutlspriority string for imtcp. Any guidance on > how to set it up? Do you simply add gnutlsprioritystring to the module > statement as an example: > > module(load="imtcp" StreamDriver="1" StreamDriver.authmode="x509/name" > gnutlsprioritystring= > "SECURE128:+VERS-TLS-ALL:-VERS-TLS1.0:-VERS-SSL3.0:+COMP-DEFLATE") > > I see this in debug > rainerscript.c: name: 'gnutlsPriorityString', value > 'SECURE128:+VERS-TLS-ALL:-VERS-TLS1.0:-VERS-SSL3.0:+COMP-DEFLATE' > rainerscript.c nvlstGetParam: name 'gnutlsprioritystring', type 14, > valnode->bUsed 0 > rainerscript.c: gnutlsprioritystring: > 'SECURE128:+VERS-TLS-ALL:-VERS-TLS1.0:-VERS-SSL3.0:+COMP-DEFLATE' > tcpsrv.c stcsrv: gnutlsPriorityString set to > SECURE128:+VERS-TLS-ALL:-VERS-TLS1.0:-VERS-SSL3.0:+COMP-DEFLATE > > I've tried a bunch of different priority strings. With no luck I even put > in thisisatest and didn't receive any gnu error or validation errors. I've > been testing connecting with gnutls-cli passing --priority > "SECURE:-VERS-TLS-ALL:+VERS-SSL3.0:COMP-DEFLATE" and regardless of what I > set in gnutlsprioritystring its connecting with sslv3.0. Am I missing > something? > > Thanks > Ryan > > On Tue, Aug 8, 2017 at 11:32 AM, Florian Riedl <fri...@adiscon.com> wrote: > > > Hi all, > > > > We have released rsyslog 8.29.0. > > > > This release features a number of changes. E.g. imptcp now has an > > experimental parameter for multiline messages, and new statistics > > counters. > > > > Most notably though, is the improved error reporting in the rsyslog > > core and in several modules like imtcp, imptcp, omfwd and the core > > modules. There is also an article available about the > > improved/enhanced error reporting: > > > > https://www.linkedin.com/pulse/improving-rsyslog-debug- > output-jan-gerhards > > > > If you have questions or feedback in relation to the article and/or > > debug output, please let us know or leave a comment below the article. > > > > Other than that, the new version provides quite a number of bugfixes. > > > > For a complete list of changes, fixes and enhancements, please visit > > the ChangeLog. > > > > The packages will follow when they are finished. > > > > ChangeLog: > > > > https://github.com/rsyslog/rsyslog/blob/v8-stable/ChangeLog > > > > Download: > > > > http://www.rsyslog.com/downloads/download-v8-stable/ > > > > As always, feedback is appreciated. > > > > Best regards, > > Florian Riedl > > _______________________________________________ > > rsyslog mailing list > > http://lists.adiscon.net/mailman/listinfo/rsyslog > > http://www.rsyslog.com/professional-services/ > > What's up with rsyslog? Follow https://twitter.com/rgerhards > > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > > DON'T LIKE THAT. > > > _______________________________________________ > rsyslog mailing list > http://lists.adiscon.net/mailman/listinfo/rsyslog > http://www.rsyslog.com/professional-services/ > What's up with rsyslog? Follow https://twitter.com/rgerhards > NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > DON'T LIKE THAT. > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
