logstash icon indicating copy to clipboard operation
logstash copied to clipboard

Published 20 hours ago verified publisher icon elastic

Add support for TLS/SSL certificate revocations

Open VimCommando opened this issue 5 years ago • 7 comments

As it stands today Logstash does not check if a certificate has been revoked. This means if a certificate has been compromised, the entire trust chain may need to be replaced. To simplify the security response, honoring a Certificate Revocation List (CRL) or Online Certificate Status Protocol (OCSP) will be an enormous help.

JRuby's SSL libraries already supports this: https://github.com/jruby/jruby-openssl/pull/124

VimCommando avatar Feb 13 '20 01:02 VimCommando

+1 I really look for this feature

crizbe avatar May 05 '20 12:05 crizbe

+1 we would need this too as this is often a requirement in enterprise environments

cskowronnek avatar May 13 '20 16:05 cskowronnek

+1 we are wondering if there is any progress here?

cmer86 avatar Feb 02 '22 17:02 cmer86

+1 we are wondering if there is any progress here? Can someone add the security label here?

cstegm avatar Sep 26 '22 14:09 cstegm

+1 this would be a great (almost necessary) feature

dmuensterer avatar Dec 25 '22 13:12 dmuensterer

+1 it is otherwise very hard to argument about the effective use of Logstash for TLS

makefu avatar Nov 08 '23 11:11 makefu

+1

32bitbradley avatar Jan 22 '24 02:01 32bitbradley