Configuring both TLS 1.2 and TLS 1.3 in Logstash 8.8

In my Logstash8.8 syslog configuration file, I want to configure two TLS versions: TLS 1.2 and TLS 1.3, but it doesn't work. Can you provide the correct way to configure it? Should I create two separate inputs?

tcp {
id => tcp_cds_syslog_tls_6516
port => 6516
codec => plain {
charset => "US-ASCII"
ssl_enable => true
ssl_supported_protocols => "TLSv1.2"
ssl_key => "/data/logstash/certs/log_key.pem"
ssl_cert => "/data/logstash/certs/log_cert.pem"
#ssl_cipher_suites => ["TLS_AES_256_GCM_SHA384", "TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256"]
ssl_certificate_authorities => ["/data/logstash/certs/log_ca.pem"]
ssl_verify => true

Thank you

What is not working? You didn't share any error log.

You shouldn't change anything, the default for the TCP input is to use TLS v1.2 and TLS v1.3 as you can check in the documentation.

Since you are not on the last version, I'm not sure if on version 8.8 it already uses that.

But to set it just use:

ssl_supported_protocols => ['TLSv1.2', 'TLSv1.3']

Also, are you using the bundled jdk or another jdk?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.