A mutually authenticated TLS session can be closed by the sender with either TCP closure or close_notify. The transport shipper is rsyslog to our receiver, syslog-ng. rsyslog is reporting a connection error when syslog-ng does not properly respond with the close_notify alert response per RFC.
I'm wondering how to validate this as well as potentially log it, and correct it?
syslog-ng 3 (3.20.1)
Config version: 3.20
Installer-Version: 3.20.1
Revision: 3.20.1-1
Compile-Date: Mar 1 2019 09:36:45
Module-Directory: /usr/lib/syslog-ng/3.20
Module-Path: /usr/lib/syslog-ng/3.20
Include-Path: /usr/share/syslog-ng/include
Error opening plugin module; module='mod-java', error='libjvm.so: cannot open shared object file: No such file or directory'
Available-Modules: hook-commands,stardate,csvparser,dbparser,afuser,add-contextual-data,graphite,riemann,tfgetent,geoip-plugin,afsocket,syslogformat,afsql,redis,disk-buffer,mod-python,pseudofile,afmongodb,pacctformat,affile,http,geoip2-plugin,confgen,basicfuncs,cryptofuncs,afstomp,xml,map-value-pairs,afamqp,kvformat,appmodel,sdjournal,examples,afprog,cef,afsmtp,date,system-source,json-plugin,snmptrapd-parser,tags-parser,linux-kmsg-format
Enable-Debug: off
Enable-GProf: off
Enable-Memtrace: off
Enable-IPv6: on
Enable-Spoof-Source: on
Enable-TCP-Wrapper: on
Enable-Linux-Caps: on
Enable-Systemd: on
syslog-ng
I have a report that syslog-ng is not sending a response to a tls session's close_notify alert per RFC5425 4.4 spec: https://tools.ietf.org/html/rfc5425#section-4.4
A mutually authenticated TLS session can be closed by the sender with either TCP closure or close_notify. The transport shipper is rsyslog to our receiver, syslog-ng. rsyslog is reporting a connection error when syslog-ng does not properly respond with the close_notify alert response per RFC.
I'm wondering how to validate this as well as potentially log it, and correct it?
Version of syslog-ng
Platform
Ubuntu 16.04.6 LTS
Linux 4.4.0-87-generic #110-Ubuntu SMP Tue Jul 18 12:55:35 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux