I am pretty new to configuring rsyslog besides the very basics. We have a ton of simple unencrypted UDP listeners already set up, but this new connection that we need apparently requires TLS. So far what I have seen about setting up rsyslog with TLS implies setting it as the default method with the $DefaultNetstreamDriver gtls config setting. This is not ideal, given all of the existing UDP connections. Is there a way of configuring just a single connection to use TLS without affecting global configs?

In the searching I have done up to this point, I've found the imtcp input module. This seems like it solves about half my problem, but it doesn't seem like I can specify a certificate with this module's parameters. Am I able to set the $DefaultNetstreamDriverCAFile, $DefaultNetstreamDriverCertFile, and $DefaultNetstreamDriverKeyFile global config settings without setting $DefaultNetstreamDriver gtls to make it so that only this new connection uses the certificates?