redpanda-data
Feature request: support TLS sockets
Problem
Ingesting rsyslog can be easily accomplished with use of the socket_server input and the parse_log processor. However for security rsyslog is usually encrypted via TLS in production environments. Support for TLS sockets would enable this use-case.
Solution
Go's crypto/tls package implements the net.Conn interface, meaning that once established, a TLS connection can be treated the same as a normal connection. No additional logic is required after the initial connection is created.
Implementation
socket_server currently has three options for the network property, unix, tcp, and udp. I propose adding a fourth, tls. Additionally add properties cert_file and key_file (this naming convention follows that used by the http_server component, for consistency).
If network is set to tls and both cert_file and key_file are specified, load the certificate and private key from both of those files and enable TLS encryption on the connection. If network is tls and one or both _file options are omitted, create a self-signed certificate and use that to encrypt the connection.
I have an example of this implementation in #1217
Any chance the related PR will ever get merged? Looking to use this feature as well.
