tls.tlsCfgCmd

Forwards SSL_CONF-style commands to OpenSSL when using the openssl backend.

This parameter applies to imrelp: RELP Input Module.

Name:

tls.tlsCfgCmd

Scope:

input

Type:

string

Default:

input=none

Required?:

no

Introduced:

8.2001.0

Description

The setting can be used if tls.tlsLib is set to “openssl” to pass configuration commands to the openssl library. OpenSSL Version 1.0.2 or higher is required for this feature. A list of possible commands and their valid values can be found in the OpenSSL documentation.

The setting can be single or multiline, each configuration command is separated by linefeed (n). Command and value are separated by equal sign (=). Here are a few samples:

Example 1

This will allow all protocols except for SSLv2 and SSLv3:

tls.tlsCfgCmd="Protocol=ALL,-SSLv2,-SSLv3"

Example 2

This will allow all protocols except for SSLv2, SSLv3 and TLSv1. It will also set the minimum protocol to TLSv1.2.

tls.tlsCfgCmd="Protocol=ALL,-SSLv2,-SSLv3,-TLSv1
MinProtocol=TLSv1.2"

Input usage

input(type="imrelp" port="2514" tls="on"
     tls.tlsLib="openssl"
     tls.tlsCfgCmd="Protocol=ALL,-SSLv2,-SSLv3")

See also

See also imrelp: RELP Input Module.

---

Support: rsyslog Assistant | GitHub Discussions | GitHub Issues: rsyslog source project

Contributing: Source & docs: rsyslog source project

© 2008–2025 Rainer Gerhards and others. Licensed under the Apache License 2.0.