From 936c73cc4eebe5f7027501f60a64812ee3d9d220 Mon Sep 17 00:00:00 2001
From: Bertrand Jacquin <bertrand@jacquin.bzh>
Date: Tue, 20 Aug 2019 23:46:52 +0100
Subject: factory: Harden app-admin/syslog-ng config

---
 .../app-admin/syslog-ng/etc/syslog-ng/conf.d/0001-send-via-syslog.conf | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'factory-default')

diff --git a/factory-default/app-admin/syslog-ng/etc/syslog-ng/conf.d/0001-send-via-syslog.conf b/factory-default/app-admin/syslog-ng/etc/syslog-ng/conf.d/0001-send-via-syslog.conf
index 69ee5484..1ba63a13 100644
--- a/factory-default/app-admin/syslog-ng/etc/syslog-ng/conf.d/0001-send-via-syslog.conf
+++ b/factory-default/app-admin/syslog-ng/etc/syslog-ng/conf.d/0001-send-via-syslog.conf
@@ -4,8 +4,9 @@ destination d_log.pants-on.net {
          tls(ca_dir("/etc/ssl/certs")
              peer_verify(required-trusted)
              ssl-options(no-sslv2, no-sslv3, no-tlsv1, no-tlsv11)
-             ecdh-curve-list("prime256v1:secp384r1")
+             ecdh-curve-list("prime256v1:secp384r1:secp521r1")
              cipher-suite("ECDHE-RSA-AES256-GCM-SHA384")
+             allow-compress(no)
             )
         );
 };
-- 
cgit v1.2.3