Chandra Teja

Reputation: 1

Rsyslog ClientHello message shows too many ciphers when using a TLS connection

I have configured rsyslog over TLS. My ClientHello message is sending too many ciphers.

I tried Debian machines and Red Hat 8 machines; both gave the same result.

rsyslog version: 8.2404, GnuTLS: 3.7.1

Server config:

$DefaultNetstreamDriver gtls
$DefaultNetstreamDriverCAFile /etc/rsyslog-keys/ca.pem
$DefaultNetstreamDriverCertFile /etc/rsyslog-keys/server-cert.pem
$DefaultNetstreamDriverKeyFile /etc/rsyslog-keys/server-key.pem

$ModLoad imtcp  
$InputTCPServerStreamDriverMode 1  
$InputTCPServerStreamDriverAuthMode anon
$InputTCPServerRun 6514  

Client config:

$DefaultNetstreamDriverCAFile /etc/pki/tls/private/ca.pem
$DefaultNetstreamDriverCertFile /etc/pki/tls/private/client-cert.pem
$DefaultNetstreamDriverKeyFile /etc/pki/tls/private/client-key.pem
$DefaultNetStreamDriver gtls

$ActionSendStreamDriverMode 1   
$ActionSendStreamDriverAuthMode anon
*.*     @@<ip>:6514

It exposes 31 cipher suites, even after many config changes.

How can I limit those ciphers to the desired number?

Below is the Wireshark capture showing 31 cipher suites in the TLS ClientHello handshake:

I tried many ways of updating the rsyslog config, gnutlsPriorityString etc.; nothing worked.

Upvotes: 0

Views: 63
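Added example, not part of the original question: one way to count the cipher suites a client offers, and to list those outside an intended set, directly from the raw bytes of a ClientHello record after each config change. The function names, the allow-list and the sample record are assumptions constructed for illustration; the input is assumed to be a single unfragmented TLS record exported from a capture.

```python
import struct

def client_hello_suites(record: bytes) -> list:
    """Return the cipher suite code points offered in one TLS ClientHello record."""
    if len(record) < 5:
        raise ValueError("truncated TLS record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 0x16:
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 4 or body[0] != 0x01:
        raise ValueError("not a complete ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len:
        raise ValueError("ClientHello is fragmented across records")
    pos = 2 + 32                          # legacy_version + random
    if pos >= len(hello):
        raise ValueError("truncated ClientHello")
    pos += 1 + hello[pos]                 # session_id length byte + session_id
    if pos + 2 > len(hello):
        raise ValueError("truncated ClientHello")
    (n,) = struct.unpack_from("!H", hello, pos)
    raw = hello[pos + 2:pos + 2 + n]
    if n % 2 or len(raw) != n:
        raise ValueError("malformed cipher_suites vector")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, n, 2)]

def outside_allowlist(record: bytes, allowed: set) -> list:
    """Suites the client offers that are not in the intended set."""
    return [s for s in client_hello_suites(record) if s not in allowed]

def sample_record(suites) -> bytes:
    """Constructed ClientHello without extensions (test input, not a capture)."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    hello = (b"\x03\x03" + bytes(32) + b"\x00"
             + len(cs).to_bytes(2, "big") + cs + b"\x01\x00")
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    # IANA code points: two TLS 1.3 suites, one ECDHE-RSA GCM suite, one RSA CBC suite.
    rec = sample_record([0x1301, 0x1302, 0xC02F, 0x002F])
    print(len(client_hello_suites(rec)), "suites offered")
    print("outside allow-list:", [hex(s) for s in outside_allowlist(rec, {0x1301, 0x1302})])
```
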

Answers (0)