gtls Network Stream Driver
This network stream
driver implements a TLS protected transport via the GnuTLS
library.
Supported Driver Modes
- 0 - unencrypted trasmission (just like ptcp driver)
- 1 - TLS-protected operation
Note: mode 0 does not provide any benefit over the ptcp driver. This
mode exists for technical reasons, but should not be used. It may be
removed in the future.
Supported Authentication
Modes
- anon
- anonymous authentication as
described in IETF's draft-ietf-syslog-transport-tls-12 Internet draft
- x509/fingerprint
- certificate fingerprint authentication as
described in IETF's draft-ietf-syslog-transport-tls-12 Internet draft
- x509/name
- certificate validation and subject name authentication as
described in IETF's draft-ietf-syslog-transport-tls-12 Internet draft
[NOT YET IMPLEMENTED]
Note: "anon" does not permit to authenticate the remote peer. As such,
this mode is vulnerable to man in the middle attacks as well as
unauthorized access. It is recommended NOT to use this mode.
Known Problems
Even in x509/fingerprint mode, both the client and sever
certificate currently must be signed by the same root CA. This is an
artifact of the underlying GnuTLS library and the way we use it. It is
expected that we can resolve this issue in the future.
[rsyslog.conf overview]
[manual index] [rsyslog site]
This documentation is part of the
rsyslog
project.
Copyright © 2008 by Rainer
Gerhards and
Adiscon.
Released under the GNU GPL version 3 or higher.