Had a quick look at code. If you uncomment gnutlsPriorityString="SECURE128:+SECURE192:-VERS-ALL:+VERS-TLS1.2"
it makes rsyslog require the SSL_CONF_CTX_set_flags() API, which in the code is guarded by #if OPENSSL_VERSION_NUMBER >= 0x10020000L So I guess that's the problem here. Andre knows the details (he has written it), but he is available only later today. Rainer El mar., 8 oct. 2019 a las 10:26, David Lang (<[email protected]>) escribió: > > as I say, a pretty simple config > > $DefaultNetstreamDriverCAFile /ews/security/rsyslog/ssl/certs/int2-ca.pem > $DefaultNetstreamDriverCertFile /etc/seceng-syslog-ng/ssl/cert.d/s.int.cer > $DefaultNetstreamDriverKeyFile /etc/seceng-syslog-ng/ssl/key.d/s.int.key > > > module(load="imtcp" > #StreamDriver.Name="gtls" > StreamDriver.Name="ossl" > StreamDriver.Mode="1" > StreamDriver.AuthMode="anon" > # gnutlsPriorityString="SECURE128:+SECURE192:-VERS-ALL:+VERS-TLS1.2" > ) > input(type="imtcp" > name="a-rsyslog" > port="6515" > ruleset="a" > ) > > > > > On Tue, 8 Oct 2019, Rainer Gerhards wrote: > > > Date: Tue, 8 Oct 2019 09:54:15 +0200 > > From: Rainer Gerhards <[email protected]> > > To: David Lang <[email protected]> > > Cc: rsyslog-users <[email protected]> > > Subject: Re: [rsyslog] required version of openssl > > > > Can you show your config line? Maybe what you try to set is actually > > what requires the newer openSSL API. > > > > Andre, can you step in here? > > > > Rainer > > > > El mar., 8 oct. 2019 a las 9:51, David Lang (<[email protected]>) escribió: > >> > >> hmm, it seems like a really simple config > >> > >> streamdriver ossl > >> mode 1 > >> authmode anon > >> and certs defined by the obsolete $foo parameters > >> > >> I tried setting the cipher, but wasn't able to get it working. > >> > >> is there an example of a working ossl config that someone can post? > >> > >> David Lang > >> > >> On Tue, 8 Oct 2019, Rainer Gerhards wrote: > >> > >>> Date: Tue, 8 Oct 2019 08:09:12 +0200 > >>> From: Rainer Gerhards <[email protected]> > >>> To: rsyslog-users <[email protected]> > >>> Cc: David Lang <[email protected]> > >>> Subject: Re: [rsyslog] required version of openssl > >>> > >>> This is fixed in 8.1910. the error message was actually a bug, it should > >>> only apoear if you use an unsupported and uncommon config parameter. > >>> > >>> Easier > >>> > >>> Sent from phone, thus brief. > >>> > >>> David Lang via rsyslog <[email protected]> schrieb am Mo., 7. Okt. > >>> 2019, 20:58: > >>> > >>>> when starting rsyslog 8.1908 on centos 6.10 it generates an error that > >>>> the > >>>> openssl api is too old > >>>> > >>>> what version of openssl is required? can the error message be modified to > >>>> say > >>>> that version rather than just 'too old'? (and can the rpm packaging list > >>>> the > >>>> version as a requirement?) > >>>> > >>>> David Lang > >>>> _______________________________________________ > >>>> rsyslog mailing list > >>>> http://lists.adiscon.net/mailman/listinfo/rsyslog > >>>> http://www.rsyslog.com/professional-services/ > >>>> What's up with rsyslog? Follow https://twitter.com/rgerhards > >>>> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad > >>>> of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you > >>>> DON'T LIKE THAT. > >>>> > >>> > > _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
