From 45111395a668edb3526725a0702565c5782a79de Mon Sep 17 00:00:00 2001
From: Bertrand Jacquin
Date: Sun, 19 Aug 2018 00:09:52 +0100
Subject: factory-default: Enforce TLSv1.2 and ECDHE-RSA-AES256-GCM-SHA384
---
 .../syslog-ng-3.17.1/etc/syslog-ng/conf.d/0001-send-via-syslog.conf | 4 +++-
 .../syslog-ng/etc/syslog-ng/conf.d/0001-send-via-syslog.conf | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)
(limited to 'factory-default')
diff --git a/factory-default/app-admin/syslog-ng-3.17.1/etc/syslog-ng/conf.d/0001-send-via-syslog.conf b/factory-default/app-admin/syslog-ng-3.17.1/etc/syslog-ng/conf.d/0001-send-via-syslog.conf
index 003145d6..69ee5484 100644
--- a/factory-default/app-admin/syslog-ng-3.17.1/etc/syslog-ng/conf.d/0001-send-via-syslog.conf
+++ b/factory-default/app-admin/syslog-ng-3.17.1/etc/syslog-ng/conf.d/0001-send-via-syslog.conf
@@ -3,7 +3,9 @@ destination d_log.pants-on.net {
 transport(tls)
 tls(ca_dir("/etc/ssl/certs")
 peer_verify(required-trusted)
- cipher-suite(AES256-GCM-SHA384)
+ ssl-options(no-sslv2, no-sslv3, no-tlsv1, no-tlsv11)
+ ecdh-curve-list("prime256v1:secp384r1")
+ cipher-suite("ECDHE-RSA-AES256-GCM-SHA384")
 )
 );
 };
diff --git a/factory-default/app-admin/syslog-ng/etc/syslog-ng/conf.d/0001-send-via-syslog.conf b/factory-default/app-admin/syslog-ng/etc/syslog-ng/conf.d/0001-send-via-syslog.conf
index 003145d6..69ee5484 100644
--- a/factory-default/app-admin/syslog-ng/etc/syslog-ng/conf.d/0001-send-via-syslog.conf
+++ b/factory-default/app-admin/syslog-ng/etc/syslog-ng/conf.d/0001-send-via-syslog.conf
@@ -3,7 +3,9 @@ destination d_log.pants-on.net {
 transport(tls)
 tls(ca_dir("/etc/ssl/certs")
 peer_verify(required-trusted)
- cipher-suite(AES256-GCM-SHA384)
+ ssl-options(no-sslv2, no-sslv3, no-tlsv1, no-tlsv11)
+ ecdh-curve-list("prime256v1:secp384r1")
+ cipher-suite("ECDHE-RSA-AES256-GCM-SHA384")
 )
 );
 };
-- 
cgit v1.2.3
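Review bot: The added `ssl-options(no-sslv2, no-sslv3, no-tlsv1, no-tlsv11)` line sets a TLSv1.2 floor rather than pinning TLSv1.2 as the subject says, and `cipher-suite("ECDHE-RSA-AES256-GCM-SHA384")` presumably only constrains TLSv1.2 and older, so if syslog-ng is linked against an OpenSSL build with TLSv1.3 support a 1.3 session with a different suite could still be negotiated. That is not weaker, but it should be stated so nobody treats this file as proof of the negotiated protocol and suite. Pinning a single RSA-authenticated suite also makes forwarding fail closed if the server behind d_log.pants-on.net changes its certificate type or cipher list, so I would add a comment above the tls() block such as `# server must offer ECDHE-RSA-AES256-GCM-SHA384 over TLSv1.2 with an RSA certificate; log shipping stops otherwise`. The same applies to the identical hunk in the unversioned syslog-ng copy of the file. The destination block starts above the hunk, so the rest of its options are not visible here.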