Does logstash use openssl when using the SSL / TLS protocol?
If so, where can I find the version of openssl?
Welcome to our community! 
I'm not sure of this myself, hopefully someone can clarify. But what's the reason for asking this?
That depends on which filter you are using. A tcp input uses netty, and netty uses OpenSSL. The elasticsearch filters use cheald's manticore, which is built upon the Apache http client, which uses JSSE.
JRuby-OpenSSL uses Bouncy Castle to emulate OpenSSL. It does not use OpenSSL.
If you want to know versions I would suggest building logstash from source and seeing what dependencies get pulled.
3 Likes
Thank you for your reply.
If logstash uses openssl, we wanted to see if that version was vulnerable.
Thank you for your reply.
I'm going to build logstash from source and check it.
It was helpful. Thank you
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.