Is it possible to configure the minimum TLS version supported by rsyslog?
For example, we would like an option to choose one of the following:
TLS 1.0 (this should allow TLS connections over versions 1.0, 1.1, 1.2 and future versions)
TLS 1.1 (this should allow TLS connections over versions 1.1, 1.2 and future versions)
TLS 1.2 (this should allow TLS connections over version 1.2 and future versions)
I think by default it supports TLS 1.0 as the minimum TLS version. I would like to know if this is configurable.
Best Answer
As of rsyslog 8.29, yes a gnutls priority string is configurable. An example config loading the module is in the test suite.
No built-in single keyword exists that restricts both the ciphers and the protocol to, say, TLS 1.2+. You might take a keyword you like and remove the broken things, such as by appending
:-VERS-SSL3.0:-VERS-DTLS1.0:-VERS-TLS1.0:-VERS-TLS1.1
This is just for rsyslog. Repeat for other applications using gnutls.
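An added example, not part of the answer above or of the rsyslog test suite: a receiver and a sender that both pass the priority string through rsyslog's `gnutlsPriorityString` parameter. The base keyword `NORMAL`, the certificate paths, the port and the host names are assumptions chosen for illustration.

```conf
# Constructed example: paths, port and peer names are placeholders.
# The two sections below normally live on different hosts.

global(
    DefaultNetstreamDriver="gtls"
    DefaultNetstreamDriverCAFile="/etc/rsyslog.d/tls/ca.pem"
    DefaultNetstreamDriverCertFile="/etc/rsyslog.d/tls/cert.pem"
    DefaultNetstreamDriverKeyFile="/etc/rsyslog.d/tls/key.pem"
)

# --- Receiver: TLS syslog listener ---------------------------------
# The priority string is a module-level parameter of imtcp, so it
# applies to every imtcp input defined afterwards.
module(
    load="imtcp"
    StreamDriver.Name="gtls"
    StreamDriver.Mode="1"                 # 1 = TLS only
    StreamDriver.AuthMode="x509/name"
    PermittedPeer=["client.example.com"]
    # Base keyword plus the removals from the answer: SSL 3.0,
    # DTLS 1.0, TLS 1.0 and TLS 1.1 are dropped, newer versions stay.
    gnutlsPriorityString="NORMAL:-VERS-SSL3.0:-VERS-DTLS1.0:-VERS-TLS1.0:-VERS-TLS1.1"
)
input(type="imtcp" port="6514")

# --- Sender: forward over TLS --------------------------------------
# omfwd takes the same parameter per action, so the client side
# refuses the old protocol versions as well.
action(
    type="omfwd"
    target="logs.example.com"
    port="6514"
    protocol="tcp"
    StreamDriver="gtls"
    StreamDriverMode="1"
    StreamDriverAuthMode="x509/name"
    StreamDriverPermittedPeers="logs.example.com"
    gnutlsPriorityString="NORMAL:-VERS-SSL3.0:-VERS-DTLS1.0:-VERS-TLS1.0:-VERS-TLS1.1"
)
```

Set the string on both ends, since a peer without the parameter falls back to its GnuTLS defaults. Running `gnutls-cli --list --priority` with the same string prints the protocols and cipher suites it leaves enabled.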