Derek, Andre,

> > There has been no change on nsd_ossl.c driver since January 2023, so I
> > believe this is not related to the different rsyslog versions you are
> > running.
> > The warnings tell you that there is no client certificate configured,
> > which can be ok but unusual in this setup. To get rid of them I would
> > recommend configuring a client certificate as well.
>
> I'm not using client-authentication, which is why there is no client cert.
> Not sure why you consider it "unusual". But that's not the error I am
> concerned about.

Derek: I agree and would actually say it is a common scenario.

Andre: For that reason, I think we should at most emit an "info" message if
it is not set. Not sure what the gtls driver does, but that doesn't really
matter - it may need to be changed as well.

Also: I think that when server side cert is in place, we are NOT limited to
anon ciphers! The server provides its public key, and if I am not totally
mistaken, that should be sufficient to use all ciphers, including async ones.

Of course, without client cert, we have one-way anon traffic and cannot
detect man in the middle.

Am I wrong?

Rainer
_______________________________________________
rsyslog mailing list
https://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
What's up with rsyslog? Follow https://twitter.com/rgerhards
NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of
sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T
LIKE THAT.