path: root/doc/ns_gtls.html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html><head><title>gtls Network Stream Driver</title>

</head>
<body>
<h1>gtls Network Stream Driver</h1>
<p>This <a href="netstream.html">network stream
driver</a> implements a TLS protected transport via the <a href="http://www.gnu.org/software/gnutls/" target="_blank">GnuTLS
library</a>.</p>
<p style="font-weight: bold;">Supported Driver Modes</p>
<ul>
<li>0 - unencrypted trasmission (just like <a href="ns_ptcp.html">ptcp</a> driver)</li>
<li>1 - TLS-protected operation</li>
</ul>Note: mode 0 does not provide any benefit over the ptcp driver.
This mode exists for technical reasons, but should not be used. It may
be removed in the future.<br><span style="font-weight: bold;">
Supported Authentication Modes</span><br>
<ul>
<li><span style="font-weight: bold;">anon</span> - anonymous authentication as
described in IETF's draft-ietf-syslog-transport-tls-12 Internet draft</li>
<li><span style="font-weight: bold;">x509/fingerprint</span> - certificate fingerprint authentication as
described in IETF's draft-ietf-syslog-transport-tls-12 Internet draft</li><li><span style="font-weight: bold;">x509/name</span> - certificate validation and subject name authentication as
described in IETF's draft-ietf-syslog-transport-tls-12 Internet draft [NOT YET IMPLEMENTED]</li>
</ul>Note: "anon" does not permit to authenticate the remote peer. As
such, this mode is vulnerable to man in the middle attacks as well as
unauthorized access. It is recommended NOT to use this mode.<br>
[<a href="rsyslog_conf.html">rsyslog.conf overview</a>]
[<a href="manual.html">manual index</a>] [<a href="http://www.rsyslog.com/">rsyslog site</a>]
<p><font size="2">This documentation is part of the
<a href="http://www.rsyslog.com/">rsyslog</a>
project.<br>
Copyright © 2008 by <a href="http://www.gerhards.net/rainer">Rainer
Gerhards</a> and
<a href="http://www.adiscon.com/">Adiscon</a>.
Released under the GNU GPL version 3 or higher.</font></p>
</body></html>