I thought I share some news on what I have been busy with and intend to be in the future. In the past days, I have added more config options to librelp, which now supports GnuTLS compression methods as well as provides the ability to set the Diffie-Hellman key strength (number of bits) and - for experts - to set the GnuTLS priorities, which select the cipher methods and other important aspects of TLS handling.
is done now and I also added rsyslog facilities to use these new
features. Some of this stuff is not yet released, but will soon be.
next big step is preventing man-in-the-middle attacks. I will most
probably use SSH-type fingerprint authentication, so that no full PKI is
necessary to make this work. I guess implementing this feature set will
probably take a couple of days and will keep you posted on how things