stunnel plugin #1829
Labels: feature (Adding new functionality)
Comments
AdSchellevis added a commit to opnsense/core that referenced this issue on May 13, 2020
AdSchellevis added a commit that referenced this issue on May 13, 2020
AdSchellevis added a commit that referenced this issue on May 14, 2020
AdSchellevis added a commit that referenced this issue on May 15, 2020
AdSchellevis added a commit that referenced this issue on May 15, 2020
Since stunnel uses different parameter pairs for TLSv1.[1,2] and TLSv1.3, we'll try to sort them out in our config template. When no TLSv1.3 ciphers are allowed, we should limit the sslVersionMax parameter as well as it seems.
AdSchellevis added a commit that referenced this issue on May 15, 2020
AdSchellevis added a commit that referenced this issue on May 15, 2020
AdSchellevis added a commit that referenced this issue on May 17, 2020
AdSchellevis added a commit to opnsense/docs that referenced this issue on May 17, 2020
AdSchellevis added a commit that referenced this issue on May 18, 2020
AdSchellevis added a commit to opnsense/docs that referenced this issue on May 18, 2020
AdSchellevis added a commit that referenced this issue on May 18, 2020
AdSchellevis added a commit that referenced this issue on May 18, 2020
* stunnel: boilerplate for #1829
* stunnel: work in progress for #1829
* stunnel: add service control and acl for #1829
* stunnel: add cipher selection for #1829

  Since stunnel uses different parameter pairs for TLSv1.[1,2] and TLSv1.3, we'll try to sort them out in our config template. When no TLSv1.3 ciphers are allowed, we should limit the sslVersionMax parameter as well as it seems.
* stunnel: set TLS1.2 as minimum
* stunnel: disable rc conf when no services are active #1829
* stunnel: CRL support for #1829
* stunnel: simplify cert creation, combine cert+key in one file. for #1829
* stunnel: syslog and log viewer for #1829
* stunnel: add hasync anchor, for #1829
AdSchellevis added a commit to opnsense/docs that referenced this issue on May 18, 2020
AdSchellevis added a commit to opnsense/docs that referenced this issue on May 18, 2020
fichtner pushed a commit to opnsense/core that referenced this issue on May 19, 2020
…sense/plugins#1829 (cherry picked from commit 52999e3)
AdSchellevis added a commit that referenced this issue on May 19, 2020
AdSchellevis added a commit that referenced this issue on May 20, 2020
* add general tab for generic stunnel settings
* add chroot, changing default to use a non chroot version, since syslog messages can get lost when syslog-ng is restarted (when in chroot mode) for #1829
AdSchellevis added a commit that referenced this issue on May 20, 2020
needs some more testing, rc wrappers, startup hooks and template adjustments
AdSchellevis added a commit that referenced this issue on May 22, 2020
AdSchellevis added a commit that referenced this issue on May 22, 2020
- used wrong pid for ident status
- reload syslog on service start
- missing condition in syslog template (hence the service reload) for #1829
Add new stunnel plugin for mutual authenticated tunnel connections.
The initial version should incorporate the following features:
- [ ] very likely related to stunnel + chroot, but if syslog-ng restarts, stunnel stops logging. Maybe we should use an additional log socket. Stunnel doesn't seem to support additional log sockets, made a note and support non-chroot environments.
- [ ] our python Daemonize doesn't support chroot, which would be practical to use for our ident daemon. Maybe we should add another wrapper some day or extend the existing one, choices seem to be limited at the moment.
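
The cipher-selection commit message in this thread describes sorting TLSv1.[1,2] and TLSv1.3 parameters into separate stunnel options and limiting `sslVersionMax` when no TLSv1.3 ciphers are allowed. The following is an added Python example of that logic, not the plugin's own template code; the helper name `render_tls_options` is hypothetical, and the name validation and the TLSv1.3-only branch go beyond what the commit message states.

```python
import re

# TLSv1.3 suite names as OpenSSL spells them; any other name is treated as a
# TLSv1.2-or-older cipher for stunnel's "ciphers" option.
TLS13_SUITES = {
    "TLS_AES_128_GCM_SHA256",
    "TLS_AES_256_GCM_SHA384",
    "TLS_CHACHA20_POLY1305_SHA256",
    "TLS_AES_128_CCM_SHA256",
    "TLS_AES_128_CCM_8_SHA256",
}
_CIPHER_NAME = re.compile(r"[A-Za-z0-9_-]+")


def render_tls_options(selected):
    """Hypothetical helper: stunnel option lines for a list of cipher names."""
    for name in selected:
        # fullmatch rejects ':' and newlines, which would otherwise let a
        # stored value smuggle extra entries or options into the config.
        if not _CIPHER_NAME.fullmatch(name):
            raise ValueError(f"invalid cipher name: {name!r}")
    tls13 = [c for c in selected if c in TLS13_SUITES]
    older = [c for c in selected if c not in TLS13_SUITES]

    lines = ["sslVersionMin = TLSv1.2"]  # floor set by the plugin commits
    if older and not tls13:
        # "ciphers" does not restrict TLSv1.3, so cap the version instead.
        lines.append("sslVersionMax = TLSv1.2")
    elif tls13 and not older:
        # Assumption beyond the page: mirror the cap by raising the floor.
        lines[0] = "sslVersionMin = TLSv1.3"
    if older:
        lines.append("ciphers = " + ":".join(older))
    if tls13:
        lines.append("ciphersuites = " + ":".join(tls13))
    return lines


if __name__ == "__main__":
    # Constructed selection: one TLSv1.2 cipher only.
    print("\n".join(render_tls_options(["ECDHE-RSA-AES256-GCM-SHA384"])))
```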