Package: rsyslog-gnutls
Version: 4.6.4-2
Severity: important

Hi,

I've got a SPARC system, Debian squeeze, running rsyslog-gnutls. My rsyslog configuration has:

    $DefaultNetstreamDriver gtls # use gtls netstream driver
    $ActionSendStreamDriverMode 1 # require TLS for the connection
    $ActionSendStreamDriverAuthMode x509/name
    $DefaultNetstreamDriverCAFile /etc/ssl/chains/addtrust-terena.pem
    *.*;auth,authpriv.none @@loghost2.uvt.nl:6514

If I execute:

    joostvb@popper:~% echo 'test, please ignore' | logger

while on the loghost, running:

    root@durell:~# tcpdump -w /tmp/mijnlogfile.dump -i eth0 host popper.uvt.nl

then running

    root@durell:~# tcpdump -A -r /tmp/mijnlogfile.dump 2>/dev/null | grep ignore

gives

    ,...#.[)<13>Mar 7 12:49:51 popper logger: test, please ignore

The log message is sent in clear text to the log server, while it should have been encrypted using tls. This introduces a security issue, therefore setting severity to "important".

(The logserver does not save the message to disk, but complains:

    Mar 7 13:23:26 durell syslog-ng[2570]: Syslog connection accepted; fd='245', client='AF_INET(137.56.126.144:54724)', local='AF_INET(0.0.0.0:6514)'
    Mar 7 13:23:26 durell syslog-ng[2570]: SSL error while reading stream; tls_error='SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol'
    Mar 7 13:23:26 durell syslog-ng[2570]: I/O error occurred while reading; fd='245', error='Connection reset by peer (104)'

.)

We run lots of Debian systems, both squeeze and wheezy, on amd64, i386 and sparc. Only squeeze on sparc suffers from this problem.

Upgrading rsyslog-gnutls to the version in squeeze-backports serves as a workaround: I am now running rsyslog and rsyslog-gnutls version 5.8.11-1~bpo60+2 (and libgnutls26 2.8.6-1+squeeze2), this works flawlessly.

Bye,

Joost

-- 
Joost van Baal-Ilić                       http://abramowitz.uvt.nl/
Tilburg University                        mailto:joostvb.uvt.nl
The Netherlands
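Added example, not part of the original report and not rsyslog or syslog-ng code: a check a loghost operator could run over the first client-to-server payload of each connection to the TLS syslog port, to flag senders that emit plaintext syslog instead of a TLS ClientHello, as the capture in the report shows. The function names, the client labels and the ClientHello bytes are constructed for illustration; the plaintext sample is the line from the report.

```python
import re

# Plaintext syslog starts with "<PRI>" (PRI 0..191), optionally preceded by
# an octet count and a space (RFC 6587 octet-counting framing).
_SYSLOG_RE = re.compile(rb"^(?:\d{1,5} )?<(\d{1,3})>")


def classify_first_payload(data: bytes) -> str:
    """Classify the first bytes a client sends on a syslog-over-TLS port."""
    # TLS record header: type 0x16 (handshake), version 3.x, 2-byte length,
    # followed by handshake type 0x01 (ClientHello).
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        record_len = int.from_bytes(data[3:5], "big")
        if 0 < record_len <= 2**14 and data[5] == 0x01:
            return "tls-client-hello"
    m = _SYSLOG_RE.match(data)
    if m and int(m.group(1)) <= 191:
        return "plaintext-syslog"
    return "unknown"


def non_tls_clients(first_payloads: dict) -> list:
    """Return the clients whose first payload was not a TLS ClientHello."""
    return sorted(
        client
        for client, data in first_payloads.items()
        if classify_first_payload(data) != "tls-client-hello"
    )


# Payload text as captured in the report (leading capture noise stripped).
PAGE_PAYLOAD = b"<13>Mar 7 12:49:51 popper logger: test, please ignore\n"
# Constructed sample: TLS record header plus the start of a ClientHello.
CONSTRUCTED_HELLO = bytes.fromhex("16030100c4010000c00303") + bytes(32)

# Constructed client labels mapped to their first payload.
SAMPLE_FLOWS = {"client-a": PAGE_PAYLOAD, "client-b": CONSTRUCTED_HELLO}

if __name__ == "__main__":
    for name, payload in SAMPLE_FLOWS.items():
        print(name, classify_first_payload(payload))
    print("not speaking TLS:", non_tls_clients(SAMPLE_FLOWS))
```
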