SSL Issue - Unknown SSL protocol error in connection
Using version 6.4.0
I can't get SSL to work properly. The input comes up and listens on the port, but when I try to hit it I get `Unknown SSL protocol error in connection`.

So then I tried to see if the Key/crt is responding correctly with `openssl s_client -connect $(hostname -f):5054 -status` and see that no certificate or key responds:

```
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 304 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
```
This is my Config:

```
input {
  http {
    port => "5054"
    user => "test"
    password => "test1234"
    ssl => true
    ssl_key => "/etc/logstash/certs/server.key"
    ssl_certificate => "/etc/logstash/certs/server.crt"
  }
}
```

I notice the doc states this should be a pkcs#8 (not sure why #12 isn't allowed since the rest of ELK uses it) but even after converting the key I cannot get a response.

So, not sure if this is a bug on my part or an issue with poor logging for the plugin. But after some tweaking I was able to make it work:

```
input {
  http {
    port => "5054"
    user => "test"
    password => "test1234"
    ssl => true
    ssl_key => "/etc/logstash/certs/new.key"
    ssl_certificate => "/etc/logstash/certs/server.crt"
    ssl_key_passphrase => ""
    ssl_certificate_authorities => "/usr/local/share/ca-certificates/ca.crt"
    ssl_verify_mode => peer
  }
}
```

Are there any thoughts about allowing pkcs#12 to work here? All my self signed keys are in this format already and now this is just 1 more thing.

I'm guessing that you had to convert the key from pkcs1 to pkcs8.
We should likely support pkcs1, 8 and 12, PRs welcome :)
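
For reference, an added example that is not part of the thread or the plugin: a shell sketch that identifies which container a key file uses from its PEM header and writes the unencrypted PKCS#8 PEM form the working config above points at. The helper names `key_format` and `to_pkcs8` are hypothetical, and any file without a PEM header is assumed to be a PKCS#12 bundle.

```shell
# Added example, not code from the thread or the plugin.
# key_format and to_pkcs8 are hypothetical helper names.

# Print the container of a private key file, judged by its first PEM header:
# pkcs8, pkcs8-encrypted, pkcs1, sec1-ec or not-pem.
key_format() {
    local header
    header=$(grep -a -m1 -- '-----BEGIN ' "$1" 2>/dev/null || true)
    case "$header" in
        '-----BEGIN PRIVATE KEY-----'*)           echo pkcs8 ;;
        '-----BEGIN ENCRYPTED PRIVATE KEY-----'*) echo pkcs8-encrypted ;;
        '-----BEGIN RSA PRIVATE KEY-----'*)       echo pkcs1 ;;
        '-----BEGIN EC PRIVATE KEY-----'*)        echo sec1-ec ;;
        *)                                        echo not-pem ;;
    esac
}

# Write an unencrypted PKCS#8 PEM copy of key file $1 to $2.
# Assumption: a file with no PEM header is a PKCS#12 bundle.
# openssl prompts for a passphrase when the input is protected by one.
to_pkcs8() {
    local src dst
    src=$1
    dst=$2
    (
        umask 077   # subshell only: new key file readable by its owner alone
        case "$(key_format "$src")" in
            pkcs8)
                cat "$src" > "$dst" ;;
            pkcs1|sec1-ec|pkcs8-encrypted)
                openssl pkcs8 -topk8 -nocrypt -in "$src" -out "$dst" ;;
            not-pem)
                openssl pkcs12 -in "$src" -nocerts -nodes |
                    openssl pkcs8 -topk8 -nocrypt -out "$dst" ;;
        esac
    )
}

# Usage: sh to_pkcs8.sh /etc/logstash/certs/server.key /etc/logstash/certs/new.key
if [ "$#" -eq 2 ]; then
    to_pkcs8 "$1" "$2" && key_format "$2"
fi
```

The output key is written unencrypted, so it should stay readable only by the account Logstash runs as.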