Chat now with support

Force TLSv1.2 in Syslog-ng PE (310577)

Return

Feedback submitted.

Was this article helpful?

[Select Rating]

Title

Force TLSv1.2 in Syslog-ng PE
Description

TLS version 1.2 is required for use in logging with Syslog-ng PE.
Cause

Vulnerabilities exist in version prior to TLS version 1.2.
Resolution

Currently, TLS version 1.2 is only supported in Syslog-ng PE version 7.

There is a workaround for forcing TLS version 1.2 in Syslog-ng PE version 6, however, this is unsupported.
In Version 7 of Syslog-ng PE use the following cipher_suite where the TLS option is defined within the Syslog-ng configuration:
cipher_suite("HIGH:!COMPLEMENTOFDEFAULT:!aNULL:!eNULL:!DHE-RSA-AES128-SHA:!DHE-RSA-AES256-SHA:!ECDHE-RSA-AES128-SHA:!ECDHE-RSA-AES256-SHA:!AES128-SHA:!AES256-SHA")
ssl-options(no-sslv2, no-sslv3, no-tlsv1, no-tlsv11)
In Version 6 of Syslog-ng PE use one of the following two cipher_suite statements where the TLS option is defined within the Syslog-ng configuration:
Possible Solution 1:
cipher_suite("TLSv1.2:!LOW:!aNULL:!ADH:!EXPORT:!SSLv2:!SSLv3:!DES:!RC4")
Possible Solution 2:
cipher_suite("ALL:!LOW:!aNULL:!ADH:!EXPORT:!SSLv2:!SSLv3:!DES:!RC4")

Feedback submitted.

Was this article helpful?

[Select Rating]

Request or Create a KB Article »

Leave a Comment

Recommended Content

Product(s):: syslog-ng Premium Edition
7.0.9, 7.0.8, 7.0.7, 7.0.6, 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.16, 7.0.14, 7.0.13, 7.0.12, 7.0.11, 7.0.10, 7.0.1, 6.0.9, 6.0.8, 6.0.7, 6.0.6, 6.0.5, 6.0.4, 6.0.3, 6.0.2, 6.0.17, 6.0.16, 6.0.15, 6.0.14, 6.0.13, 6.0.12, 6.0.11, 6.0.10, 6.0.1

Topic(s):: How To, Configuration, Troubleshooting

Article History:: Created on: 10/7/2019
Last Update on: 10/7/2019

Author:: Justin VanAusdall

Search All Articles

© 2019 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy