[rsyslog-notify] Forum Thread: TLS(or ssl) integration without certificates - (Mode 'post')
noreply at adiscon.com
Tue Aug 12 16:25:40 CEST 2014
User: broubach
Forumlink: http://kb.monitorware.com/viewtopic.php?p=24825#p24825
Message:
----------
Hi guys,
I've been given the task of transferring the log of our system over the wire
to a remote machine in a secure way using rsyslog.
I was also told that the Anonymous Diffie-Hellman key exchange algorithm does
not rely on certificates. I know it is prone to man-in-the-middle attacks,
and that's OK with us.
I also know that this might not be what is written in the RFC, which
apparently recommends mutual authentication.
But all the sample links and documentation I found about rsyslog and TLS
point to certificates being created, at least in the server. When I try to
create the TLS server without certificate, I get an error in the log.
Now the question: is it possible to use the Anonymous Diffie-Hellman key
exchange algorithm without certificates in the rsyslog/TLS (or SSL)
integration? What am I missing?
At least for now, I have to use RedHat 6.5 with its rsyslog version 5.8.10.
It could be changed if needed.
cheers,
Bernardo