Bug 1028461
Summary: | TLS encryption depends on order of directives in the rsyslog.conf on the server | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Tomas Babej <tbabej> |
Component: | rsyslog | Assignee: | Tomas Heinrich <theinric> |
Status: | CLOSED NOTABUG | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 6.4 | CC: | mkosek, pspacek, pvrabec, tbabej |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-11-18 19:34:53 UTC | Type: | Bug |
Description
Tomas Babej
2013-11-08 14:00:44 UTC
(In reply to Tomas Babej from comment #0)
> Description of problem:
>
> When setting up TLS encryption as described in the bundled documentation
> (also available in http://www.rsyslog.com/doc/tls_cert_server.html), the
> order of directives in the rsyslog.conf on the server is important.

Yes, the order of the directives matters. To quote from the document you refer to:

"Important: Keep in mind that the order of configuration directives is very important in rsyslog. As such, the samples given below do only work if the given order is preserved."

Here's a config sample:

$InputTCPServerStreamDriverPermittedPeer *.foo.net
$InputTCPServerRun 10514
$InputTCPServerStreamDriverPermittedPeer *.bar.net
$InputTCPServerRun 20514

Each of the two listeners started here is only affected by the directives preceding it, thus the order is essential. This syntax is clumsy but it stems from the old sysklogd format. There is a newer syntax in rsyslog v6+ that is not yet available in rhel6.

> Expected results:
>
> Server can decrypt encrypted messages from the client.

If it is correctly configured, the server can decrypt encrypted messages.

This looks like a not-a-bug.

This request was not resolved in time for the current release. Red Hat invites you to ask your support representative to propose this request, if still desired, for consideration in the next release of Red Hat Enterprise Linux.

The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days
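
An added example, not part of the bug report or of rsyslog: a small Python check that applies the rule from the reply above (a listener only sees the directives preceding its `$InputTCPServerRun`) to a legacy-syntax config and reports listeners started without TLS. `$InputTCPServerStreamDriverMode` and `$InputTCPServerStreamDriverAuthMode` come from rsyslog's legacy TLS syntax rather than from this page; the sample configs are constructed, and resetting the permitted-peer list after each listener is an assumption that matches the two-listener sample.

```python
PREFIX = "$inputtcpserverstreamdriver"
RUN = "$inputtcpserverrun"

# Constructed excerpt: the listener is started before the TLS directives.
MISORDERED = """\
$ModLoad imtcp
$InputTCPServerRun 10514
$InputTCPServerStreamDriverMode 1
$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer *.foo.net
"""

# Constructed excerpt: every listener is preceded by its settings.
ORDERED = """\
$ModLoad imtcp
$InputTCPServerStreamDriverMode 1
$InputTCPServerStreamDriverAuthMode x509/name
$InputTCPServerStreamDriverPermittedPeer *.foo.net
$InputTCPServerRun 10514
$InputTCPServerStreamDriverPermittedPeer *.bar.net
$InputTCPServerRun 20514
"""

def audit(conf_text):
    """Return (listeners, stray directives placed after the last listener)."""
    cur = {"mode": "0", "authmode": None}   # mode 0 = plain TCP, 1 = TLS
    peers, listeners, pending = [], [], []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split(None, 1)   # strip comments
        if not parts:
            continue
        name = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if name == RUN:
            # Snapshot only what preceded this listener.
            listeners.append({"port": value, "line": lineno, "peers": peers,
                              "tls": cur["mode"] == "1", "authmode": cur["authmode"]})
            peers, pending = [], []   # assumption: peer list is per listener
        elif name.startswith(PREFIX):
            key = name[len(PREFIX):]
            if key == "permittedpeer":
                peers.append(value)
            else:
                cur[key] = value
            pending.append((lineno, parts[0]))
    return listeners, pending

if __name__ == "__main__":
    for conf in (MISORDERED, ORDERED):
        print(audit(conf))
```

A listener reported with `tls` false, or any entry in the stray list, points at TLS settings that were written below the `$InputTCPServerRun` line they were meant to govern.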