Hi,

Try enabling debug output in rsyslog to see what actual TLS error is happening. By default, it should be no problem to use anon ciphers if your authmode is anon.

Best regards,
Andre Lorbach
--
Adiscon GmbH

> -----Original Message-----
> From: rsyslog <[email protected]> On behalf of Joonas Tuomisto via rsyslog
> Sent: Friday, 12 February 2021 08:00
> To: [email protected]
> Cc: Joonas Tuomisto <[email protected]>
> Subject: [rsyslog] RELP with TLS - authentication modes?
>
> Hi,
>
> I'm setting up centralized logging with rsyslog and RELP and I want to secure things with TLS.
>
> However, it's not really clear to me what TLS authentication modes rsyslog / RELP supports?
>
> Is server authentication only supported or is mutual authentication always required?
>
> The documentation tutorials set up mutual authentication with client certificates included, but I'm not sure if that is due to them being required or just to provide a comprehensive example.
>
> On the imrelp documentation page at:
> https://www.rsyslog.com/doc/v8-stable/configuration/modules/imrelp.html
>
> Under TLS.PermittedPeer it says:
> ---
> Peer places access restrictions on this listener.
> Only peers which have been listed in this parameter may connect.
> The validation bases on the certificate the remote peer presents.
> ---
>
> To me it sounds like if you don't configure this, client authentication is not required? But also...
>
> Under TLS.AuthMode it says:
> ---
> type   | default | mandatory
> ----------------------------
> string | none    | no
>
> Sets the mode used for mutual authentication.
> ---
>
> This sounds like the actual setting for mutual authentication...
>
> With this set to "none", I would assume mutual authentication is not required?
>
> Currently without configuring certificates on clients my TLS handshakes are failing and now I'm unsure if it's due to TLS library issues or due to client certificates being required?
>
> It would be nice if mutual authentication is not required since the overhead of creating certificates for every client is really big...
> _______________________________________________
> rsyslog mailing list
> https://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com/professional-services/
> What's up with rsyslog? Follow https://twitter.com/rgerhards
> NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.

