How can I disable SSLv3 in syslog-ng 3.3.2 client config to sovle CVE-2014-3566(SSLv3 Fallback Vulnerabilit)?
2014-10-29 01:16:25 GMT
In my project I am using syslog-ng as syslog client and send log via TLS.
We all know that recently there is one new security flaw which is Poodle(CVE-2014-3566 - SSLv3 Fallback Vulnerability)
This requires disabling SSLv3
I have checked admin guide of syslog-ng 3.3.2 but I am able to find the option
Could you please let me know the way?
Alternatively I think I may achieve the object by disable SSLv3 ciphers used by syslog-ng client
original ciphers used by us is
ALL:!SSLv2:!MEDIUM:!LOW:!EXP:!ADH:!ECDH:!PSK:!MD5: <at> STRENGTH
I may change it to
ALL:!SSLv3:!SSLv2:!MEDIUM:!LOW:!EXP:!ADH:!ECDH:!PSK:!MD5: <at> STRENGTH
Bug this will make syslog-ng only supports TLS1.2 and cause negative impact to interoperability
______________________________________________________________________________ Member info: https://lists.balabit.hu/mailman/listinfo/syslog-ng Documentation: http://www.balabit.com/support/documentation/?product=syslog-ng FAQ: http://www.balabit.com/wiki/syslog-ng-faq