Option to configure TLS version in rsyslog
Is it possible to configure the minimum TLS version supported by rsyslog?
For example, we would like an option to choose one of the following:
TLS 1.0 (this should allow TLS connections over versions 1.0, 1.1, 1.2 and future versions)
TLS 1.1 (this should allow TLS connections over versions 1.1, 1.2 and future versions)
TLS 1.2 (this should allow TLS connections over version 1.2 and future versions)
I think by default it is supporting TLS1.0 as the minimum TLS version. Would like to know if this is configurable.
As of rsyslog 8.29, yes, a gnutls priority string is configurable. An example config loading the module is in the test suite.
No built-in single keyword exists that restricts both the ciphers and the protocol to, say, TLS 1.2+. You might take a keyword you like and remove the broken things, such as by appending :-VERS-SSL3.0:-VERS-DTLS1.0:-VERS-TLS1.0:-VERS-TLS1.1 to it.
This is just for rsyslog. Repeat for other applications using gnutls.
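A configuration sketch of the approach in the answer above, added here as an example and not taken from the rsyslog test suite or the original post. It assumes the NORMAL keyword as the base, certificate-based peer authentication, and placeholder file paths, host names and port.

```conf
# Constructed example: paths, host names and the port are placeholders.
# Receiver and sender normally live on different hosts, each with its own
# certificate and key; both are shown together here for comparison.

global(
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
    DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/host-cert.pem"
    DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/host-key.pem"
)

# Receiver: TLS-only listener. The priority string starts from the NORMAL
# keyword (an assumed choice) and removes every protocol version below
# TLS 1.2, so 1.2 and anything newer that GnuTLS enables stay allowed.
module(
    load="imtcp"
    StreamDriver.Name="gtls"
    StreamDriver.Mode="1"                 # 1 = TLS required
    StreamDriver.AuthMode="x509/name"
    PermittedPeer=["client.example.com"]
    gnutlsPriorityString="NORMAL:-VERS-SSL3.0:-VERS-DTLS1.0:-VERS-TLS1.0:-VERS-TLS1.1"
)
input(type="imtcp" port="6514")

# Sender: the same restriction on the forwarding side, so the client
# will not negotiate an old protocol version with a misconfigured server.
action(
    type="omfwd"
    target="logs.example.com" port="6514" protocol="tcp"
    StreamDriver="gtls"
    StreamDriverMode="1"
    StreamDriverAuthMode="x509/name"
    StreamDriverPermittedPeers="logs.example.com"
    gnutlsPriorityString="NORMAL:-VERS-SSL3.0:-VERS-DTLS1.0:-VERS-TLS1.0:-VERS-TLS1.1"
)
```

Running gnutls-cli --list --priority with the same string prints the protocol versions and cipher suites it expands to on the installed GnuTLS, which is a quick way to confirm the result before restarting rsyslog.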