Re: [rsyslog] required version of openssl

Tue, 08 Oct 2019 04:08:58 -0700 

centos 6 has 1.0.1e (with lots of backports)
if I don't try to configure ciphers, is there a config that will work? or is the anon auth mode part of what requires this API? (or something like that) 

David Lang

On Tue, 8 Oct 2019, Andre Lorbach wrote:


Date: Tue, 8 Oct 2019 12:53:04 +0200
From: Andre Lorbach <alorb...@adiscon.com>
To: rsyslog-users <rsyslog@lists.adiscon.com>, David Lang <da...@lang.hm>
Cc: Rainer Gerhards <rgerha...@hq.adiscon.com>
Subject: RE: [rsyslog] required version of openssl

We need to use SSL_CONF_cmd API to set  custom ciphers and other options.
This API was added in OpenSSL 1.0.2, see the API documentation:
https://www.openssl.org/docs/man1.0.2/man3/SSL_CONF_cmd.html

CentOS 6 is probably using old OpenSSL 0.9.8 which does not support that
API.

Our testbench is skipping those tests when such an old OpenSSL Version is
being found.

Best regards,
Andre Lorbach



-----Original Message-----
From: rsyslog [mailto:rsyslog-boun...@lists.adiscon.com] On Behalf Of
Rainer Gerhards via rsyslog
Sent: Tuesday, October 8, 2019 10:03 AM
To: David Lang <da...@lang.hm>
Cc: Rainer Gerhards <rgerha...@hq.adiscon.com>; rsyslog-users
<rsyslog@lists.adiscon.com>
Subject: Re: [rsyslog] required version of openssl

side note: testbench has smaples, e.g.
https://github.com/rsyslog/rsyslog/blob/master/tests/imtcp-tls-ossl-error-
cert.sh

If you go to the tests dir, all tests with "ossl" in them use the openssl
TLS
driver.

HTH
Rainer

El mar., 8 oct. 2019 a las 9:54, Rainer Gerhards
(<rgerha...@hq.adiscon.com>) escribió:


Can you show your config line? Maybe what you try to set is actually
what requires the newer openSSL API.

Andre, can you step in here?

Rainer




_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of 
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE 
THAT.





















					Reply via email to