Syslog SSL support for TLS 1.2?

Sentinel 8.6.1

event source server: TrendMicro Deep inspector

Condition:

Because the Trend Micro product provides a function to meet the PCI-DSS requirement, it must send logs over TLS 1.2 only.

But when it is configured to send logs to the Sentinel syslog SSL (TCP 1443), no logs are sent to the log server.

Does Sentinel's syslog SSL support TLS 1.2 or not?

thanks!!

Wencheng

  • 0  

    You could always test the connection.  For example using openssl ...

    openssl s_client -connect sentinel.domain.com:1443 -tls1_2

  • Suggested Answer

    0  

    The 8.6.1 syslog event source server supports both TLS 1.2 and 1.3:

    # nmap -n --script=ssl-enum-ciphers --script=ssl-cert -p 1443 sentinel.example.com
    Starting Nmap 7.92 ( https://nmap.org ) at 2024-07-03 16:30 CEST
    Nmap scan report for sentinel.example.com (172.30.1.28)
    Host is up (0.00061s latency).

    PORT STATE SERVICE
    1443/tcp open ies-lm
    | ssl-enum-ciphers:
    | TLSv1.2:
    | ciphers:
    | TLS_DHE_RSA_WITH_AES_128_CBC_SHA (dh 2048) - A
    | TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 (dh 2048) - A
    | TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 (dh 2048) - A
    | TLS_DHE_RSA_WITH_AES_256_CBC_SHA (dh 2048) - A
    | TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (dh 2048) - A
    | TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (dh 2048) - A
    | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1) - A
    | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (secp256r1) - A
    | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
    | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1) - A
    | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1) - A
    | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A
    | TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
    | TLS_RSA_WITH_AES_128_CBC_SHA256 (rsa 2048) - A
    | TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
    | TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
    | TLS_RSA_WITH_AES_256_CBC_SHA256 (rsa 2048) - A
    | TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
    | compressors:
    | NULL
    | cipher preference: client
    | TLSv1.3:
    | ciphers:
    | TLS_AKE_WITH_AES_128_GCM_SHA256 (secp256r1) - A
    | TLS_AKE_WITH_AES_256_GCM_SHA384 (secp256r1) - A
    | cipher preference: client
    |_ least strength: A

  • 0 in reply to   

    Thanks!

    I used this command, and it shows the message below. It seems it does indeed support TLS 1.2.

    =========================

    openssl s_client -connect 192.168.0.227:1443 -tls1_2
    CONNECTED(00000003)
    depth=0 O = broker, CN = sentinelC
    verify error:num=18:self signed certificate
    verify return:1
    depth=0 O = broker, CN = sentinelC
    verify return:1
    ---
    Certificate chain
    0 s:/O=broker/CN=sentinelC
    i:/O=broker/CN=sentinelC
    ---
    Server certificate
    subject=/O=broker/CN=sentinelC
    issuer=/O=broker/CN=sentinelC
    ---
    No client certificate CA names sent
    Peer signing digest: SHA512
    Server Temp Key: ECDH, P-256, 256 bits
    ---
    SSL handshake has read 1250 bytes and written 419 bytes
    ---
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
    Protocol : TLSv1.2
    Cipher : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: F8CBA36F93EEA0E9274DF49DC678D48DD867573A18A1603C51665A5F77195CAC
    Session-ID-ctx:
    Master-Key: 0BA97715235AB8B2933847BFC7CD65AFB3FAE30C7EC137DED6ABF5547CFE1015 1F9334F1FD1052A9FEDED323ABBB16FC
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1720052743
    Timeout : 7200 (sec)
    Verify return code: 18 (self signed certificate)
    ---
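The `openssl s_client` run in the reply above reports two separate results: the negotiated protocol (TLSv1.2) and the certificate verification result (code 18, self-signed certificate). As an added example that is not part of the original thread, these shell functions extract both so they can be checked independently; the function names are hypothetical and the sample input is constructed from the output quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): summarise `openssl s_client` output.

# Constructed sample: the lines that matter, trimmed from the reply above.
sample_output() {
    cat <<'EOF'
CONNECTED(00000003)
depth=0 O = broker, CN = sentinelC
verify error:num=18:self signed certificate
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Protocol : TLSv1.2
    Cipher : ECDHE-RSA-AES256-GCM-SHA384
    Verify return code: 18 (self signed certificate)
EOF
}

# Read s_client output on stdin; print "protocol=... cipher=... verify=<code>".
summarize_s_client() {
    awk '
        # Only the SSL-Session lines start with the bare key; the
        # "New, ..., Cipher is ..." line is deliberately not matched.
        /^[ \t]*Protocol[ \t]*:/ { sub(/^[^:]*:[ \t]*/, ""); proto = $1 }
        /^[ \t]*Cipher[ \t]*:/   { sub(/^[^:]*:[ \t]*/, ""); cipher = $1 }
        /Verify return code:/    { sub(/.*Verify return code:[ \t]*/, ""); code = $1 }
        END { printf "protocol=%s cipher=%s verify=%s\n", proto, cipher, code }
    '
}

# Exit status: 0 = TLS 1.2 negotiated and certificate chain verified
#              2 = TLS 1.2 negotiated, but this client does not trust the certificate
#              1 = TLS 1.2 was not negotiated
check_tls12() {
    summary=$(summarize_s_client)
    echo "$summary"
    case "$summary" in
        *"protocol=TLSv1.2 "*"verify=0") return 0 ;;
        *"protocol=TLSv1.2 "*)           return 2 ;;
        *)                                return 1 ;;
    esac
}

# Live use (host name is a placeholder):
#   openssl s_client -connect sentinel.example.com:1443 -tls1_2 </dev/null 2>/dev/null | check_tls12
```

Status 2 means the handshake completes at TLS 1.2 but the certificate is not trusted by the client running the test, a condition `s_client` tolerates by default.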