Let's Talk
Let's Talk
Ask questions. Get answers. Find technical product solutions from passionate experts in the NXLog community.
Usage of TLS protocol in CE

NXLOG version: NXLog CE 3.0.2272

OS version: Windows 2019 server \ Windows 10 for client

Issue: I inspect the communication between NXLog client and server via Wireshark. Client output module is om_ssl and server input module is im_ssl. I've been expecting to see the usage of TLS protocol, but all I see is TCP and RSH protocols, which are non secure protocols. How can this be explained?

Client config: <Output out_ssl> Module om_ssl Host <host_ip> Port 514 OutputType Binary AllowUntrusted TRUE </Output>

Server config: <Input in_ssl> Module im_ssl Host 0.0.0.0 Port 514 InputType Binary CAFile <CA path> CertFile <Certificate path> CertKeyFile <private key path> KeyPass <key password> AllowUntrusted TRUE RequireCert FALSE </Input>

Wireshark is tracking 514 port on the server.

Thanks!


LaniMils created
ssl/tls | om_ssl
EVP_CIPHER_CTX_init results in libcrypto not found

Dear,

Attempting to compile nxlog-ce on Arch Linux i hit a snag.

./configure results in checking for openssl/evp.h... yes checking for EVP_CIPHER_CTX_init in -lcrypto... no configure: error: libcrypto not found

-- the configure: error is generated on

#define HAVE_LIBCRYPTO 1 _ACEOF

LIBS="-lcrypto $LIBS"

else as_fn_error $? "libcrypto not found" "$LINENO" 5 fi

I doubt if i want to modify ./configure to skip this. What can i do to fix this ?

lib is installed

/usr/lib/libressl/libcrypto.so /usr/lib/libressl/libcrypto.so.46 /usr/lib/libressl/libcrypto.so.46.0.1 /usr/lib/libressl/pkgconfig/libcrypto.pc /usr/lib/libcryptopp.so /usr/lib/libcryptopp.so.8 /usr/lib/libcryptopp.so.8.2.0 /usr/lib/libcrypto.so /usr/lib/libcrypto.so.1.1

Br,

Joris


commandline-be created
Replies: 7
View post »
last updated
compilation | NXLog Community Edition | open source | ssl/tls
Community edition TLS version

According to the NXlog user documentation (https://nxlog.co/documentation/nxlog-user-guide-full#introduction) the community edition only supports TLSv1.0. Will it be updated to support TLSv1.2 since 1.0 has known vulnerabilities? And if so when is this planned for?


loza created
Replies: 1
View post »
last updated
ssl/tls
Error 26: unsupported certificate purpose

I am currently running into an issue receiving syslog over ssl/tls. I cannot figure it out for the life of me!

Version: CE-2.10.2150

Error: INFO SSL connection accepted from IP_ADDRESS:PORT ERROR SSL certificate verification failed: unsupported certificate purpose (err: 26) WARNING SSL connection closed from IP_ADDRESS:PORT

Config: <Input in> Module im_ssl Host 0.0.0.0 Port 516 AllowUntrusted TRUE CAFile %CERTDIR%%CA-PEM% CertFile %CERTDIR%%CRT% CertKeyFile %CERTDIR%%KEY% KeyPass %PASSWORD% </Input>


jstock created
Replies: 1
View post »
last updated
err: 26 | ssl/tls