Disable SNI in the TLS session when connecting to Logstash

When using Logstash 8.3.x on Linux we can connect via SSL from a server with an IPv6 address.
When using Logstash 8.4.0 and higher, we get an error trying to establish a connection. By enabling debugging in the JVM by adding the "-Djavax.net.debug=all" parameter, I could see the error details (below).

In short, it appears SNI is throwing the error due to the name being an IP address. But why is SNI involved here? Is there a way to disable or enable it? This error did not occur in Logstash 8.3.x, and I cannot find a change note that seems to relate to this. Any help would be appreciated, as we are unable to update to a newer version of Logstash until we figure this out.

Thanks in advance.

javax.net.ssl|ERROR|10 4F|http-input-processor[T#3]|2023-10-31 07:38:53.328 PDT|TransportContext.java:363|Fatal (ILLEGAL_PARAMETER): Illegal server name, type=host_name(0), name=fc00::1:192:168:0:159, value={666330303A3A313A3139323A3136383A303A313539} (
"throwable" : {
javax.net.ssl.SSLProtocolException: Illegal server name, type=host_name(0), name=fc00::1:192:168:0:159, value={666330303A3A313A3139323A3136383A303A313539}

Caused by: java.lang.IllegalArgumentException: The encoded server name value is invalid
at java.base/javax.net.ssl.SNIHostName.<init>(SNIHostName.java:179)
at java.base/sun.security.ssl.ServerNameExtension$CHServerNamesSpec.<init>(ServerNameExtension.java:131)
... 38 more
Caused by: java.lang.IllegalArgumentException: Contains non-LDH ASCII characters
at java.base/java.net.IDN.toASCIIInternal(IDN.java:297)
at java.base/java.net.IDN.toASCII(IDN.java:123)
at java.base/javax.net.ssl.SNIHostName.<init>(SNIHostName.java:175)

Agreed. "Contains non-LDH ASCII characters" is saying that the IPv6 address contains a character (colon) that is not LDH (letter/digit/hyphen). Can you provide more of the stack trace (up to a point where it includes Logstash code) and a redacted configuration of the plugin that is getting that exception?
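
Added example (not part of the thread, and not Logstash or JDK code): a Python sketch that decodes the `value={...}` hex from the error above and applies the LDH rule the reply describes, together with the RFC 6066 rule that the SNI `host_name` field carries a DNS name and never an IP literal. The function names and the sample hostname are assumptions made for this illustration.

```python
import ipaddress
import re

# Copied from the "value={...}" field of the error in the first post.
SNI_VALUE_HEX = "666330303A3A313A3139323A3136383A303A313539"

# One DNS label: letters, digits, hyphen (LDH), 1-63 chars, no edge hyphen.
_LDH_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)\Z")


def decode_sni_value(hex_value):
    """Turn the hex dump printed by the JVM back into the name it received."""
    return bytes.fromhex(hex_value).decode("ascii")


def classify_server_name(name):
    """Return 'ipv4', 'ipv6', 'hostname' or 'invalid' for a candidate SNI name."""
    try:
        # Tolerate URL-style brackets around an IPv6 literal.
        return "ipv%d" % ipaddress.ip_address(name.strip("[]")).version
    except ValueError:
        pass
    # Names are expected in ASCII (A-label) form here; no IDN conversion is done.
    labels = name.rstrip(".").split(".")
    if len(name) <= 253 and all(_LDH_LABEL.match(label) for label in labels):
        return "hostname"
    return "invalid"


def non_ldh_characters(name):
    """Characters that are not a letter, digit, hyphen or label separator."""
    return sorted(set(re.sub(r"[A-Za-z0-9.-]", "", name)))


def sni_allowed(name):
    """RFC 6066 section 3: literal IPv4/IPv6 addresses are not permitted in HostName."""
    return classify_server_name(name) == "hostname"


if __name__ == "__main__":
    seen = decode_sni_value(SNI_VALUE_HEX)
    print(seen, classify_server_name(seen), non_ldh_characters(seen), sni_allowed(seen))
    # Constructed hostname, used only for contrast.
    print("logstash.example.internal", sni_allowed("logstash.example.internal"))
```

A result of `ipv6` for the decoded value shows that the name in the rejected extension is the address literal itself, not a DNS name.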
