From 0a3d031696432ce4fb3e655231560d841f839e53 Mon Sep 17 00:00:00 2001
From: Erwan Miran <emiran.ext@orange.com>
Date: Mon, 5 Feb 2024 12:16:36 +0100
Subject: [PATCH 1/2] expose_ssl_min_max_version

---
 README.md                              | 2 ++
 lib/fluent/plugin/out_remote_syslog.rb | 6 +++++-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 8bf14a6..885b6c0 100644
--- a/README.md
+++ b/README.md
@@ -59,6 +59,8 @@ $ td-agent-gem install fluent-plugin-remote_syslog
 | tls               | bool (default: false)            |                     | use TLS (tcp only)                                    |
 | ca_file           | string                           |                     | ca_file path (tls mode only)                          |
 | verify_mode       | integer                          |                     | SSL verification mode (tls mode only)                 |
+| ssl_min_version   | string                           |                     | SSL/TLS minimal version (tls mode only)               |
+| ssl_max_version   | string                           |                     | SSL/TLS maximal version (tls mode only)               |
 | packet_size       | integer (default: `1024`)        |                     | size limitation for syslog packet                     |
 | timeout           | integer                          |                     | TCP transfer timeout. if value is 0, wait forever     |
 | timeout_exception | bool (default: `false`)          |                     | if value is true, raise exception by transfer timeout |
diff --git a/lib/fluent/plugin/out_remote_syslog.rb b/lib/fluent/plugin/out_remote_syslog.rb
index 3e163b7..02fb31f 100644
--- a/lib/fluent/plugin/out_remote_syslog.rb
+++ b/lib/fluent/plugin/out_remote_syslog.rb
@@ -21,6 +21,8 @@ class RemoteSyslogOutput < Output
       config_param :tls, :bool, :default => false
       config_param :ca_file, :string, :default => nil
       config_param :verify_mode, :integer, default: nil
+      config_param :ssl_min_version, :string, :default => nil
+      config_param :ssl_max_version, :string, :default => nil
       config_param :packet_size, :size, default: 1024
       config_param :timeout, :time, default: nil
       config_param :timeout_exception, :bool, default: false
@@ -134,6 +136,8 @@ def create_sender(host, port)
             program: @program,
           }
           options[:ca_file] = @ca_file if @ca_file
+          options[:ssl_min_version] = @ssl_min_version if @ssl_min_version
+          options[:ssl_max_version] = @ssl_max_version if @ssl_max_version
           options[:verify_mode] = @verify_mode if @verify_mode
           sender = RemoteSyslogSender::TcpSender.new(
             host,
@@ -161,7 +165,7 @@ def create_sender(host, port)
       module SeverityMapper
         DICT = {
           # "warning" is not supported, but we should use it since "warn" is deprecated.
-          "warning" => "warn", 
+          "warning" => "warn",
         }
 
         def self.map(severity)

From 664b464e97430f369ab12a8010b1b0c4a1451407 Mon Sep 17 00:00:00 2001
From: Erwan Miran <emiran.ext@orange.com>
Date: Mon, 5 Feb 2024 14:48:06 +0100
Subject: [PATCH 2/2] min and max

---
 README.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/README.md b/README.md
index 885b6c0..2583e05 100644
--- a/README.md
+++ b/README.md
@@ -69,6 +69,8 @@ $ td-agent-gem install fluent-plugin-remote_syslog
 | keep_alive_cnt    | integer                          |                     | set TCP keep alive probe count                        |
 | keep_alive_intvl  | integer                          |                     | set TCP keep alive probe interval                     |
 
+Note: Both `ssl_min_version` and `ssl_max_version` must be set if one is set
+
 ### Common Configuration
 
 #### Buffer Section