Mailing List Archive

TLS 1.3 for rsyslog
I'm trying to set up TLS 1.3 for rsyslog on a Debian 10 system. The default
rsyslog on Deb 10 is 8.2102. I've tried to use TLS by inserting this in a
file in rsyslog.d/tls.conf on my client:

module(load="imtcp"
StreamDriver.mode="1"
StreamDriver.authmode="anon"
gnutlsprioritystring="SECURE128:-VERS-TLS-ALL:+VERS-TLS1.3"
)

When I tcpdump rsyslog, it still shows TLS1.2. What else do I have to
change?
TIA.
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
Re: TLS 1.3 for rsyslog
First stupid question - are you sure you're using GnuTLS? As I see -
Debian's rsyslog package suggests either rsyslog-gnutls or
rsyslog-openssl so you might have installed "the other one".

Anyway, as far as I remember the TLS-specific settings are mostly passed
through to the TLS library and tend to - if they do - fail relatively
silently. I mean - the misconfiguration of the tls.tlscfgcmd, for
example, gives an error in the log that applying the settings failed and
then the socket gets created with some default options. So check your
logs for any messages related to TLS configuration.

MK

On 20.04.2022 19:12, kathy lyons via rsyslog wrote:
> I'm trying to set up TLS 1.3 for rsyslog on a Debian 10 system. The default
> rsyslog on Deb 10 is 8.2102. I've tried to use TLS by inserting this in a
> file in rsyslog.d/tls.conf on my client:
>
> module(load="imtcp"
> StreamDriver.mode="1"
> StreamDriver.authmode="anon"
> gnutlsprioritystring="SECURE128:-VERS-TLS-ALL:+VERS-TLS1.3"
> )
>
> When I tcpdump rsyslog, it still shows TLS1.2. What else do I have to
> change?
> TIA.